As of 2018, ransomware is at an all-time high. It accounted for 39% of all malware-related breaches, and the trend continues at an alarming rate. People continue to fall victim to all sorts of social engineering attacks, and email is still the main entry point for malware. Statistics show that 96% of cyber-attacks enter through people’s inboxes. Companies are also nearly three times more likely to get breached via email, highlighting the need for more employee education on the matter.
The best line of defense that companies have against these attacks is to block any malicious emails before they reach their employees or customers. Nevertheless, some still make it into people’s inboxes, and many people can’t tell the difference.
How to Spot a Fake Email
Many phishing emails will try to scare you with warnings of stolen information and then offer an easy solution by asking you to click a link and ‘verify’ your data on their website. Alternatively, you will be presented with an email claiming you won some prize or the lottery and requesting your personal and financial information so that you can claim it.
If you find yourself in doubt, contact the company or organization that supposedly sent you the email and talk to them directly by phone.
Don’t Trust the Display Name
One favorite phishing tactic is to spoof the email, meaning that the sender address has been forged to resemble something more credible. Once delivered, this email will appear legitimate, especially now that most inboxes present just the display name. Check the email address in the header, and if it looks suspicious, leave the email alone.
Don’t Click on Links
Instead of clicking on links in your emails, hover your mouse cursor over them for a bit, and the embedded link address will appear. If that address looks strange, do not click on it. If you want to check it, open a new window and type in the address directly.
Look at the Language Used
Legitimate organizations use qualified copywriters and editors when working with email. With this in mind, if you spot any spelling mistakes or poor grammar, you should be cautious about it.
Likewise, phishing emails tend to instill a sense of urgency into what they have to say. Things like “your account has been suspended” or “your account had an unauthorized login attempt” are examples of this.
A lack of details about the signer and how to contact that company is another sign that may suggest a phishing email. Legitimate businesses always provide a signature at the bottom of the email.
Last but not least is the way the email addresses you. Companies that you are already working with probably know your name and will most likely use it when talking to you. If the email addresses you as “Valued Customer,” “Dear Customer,” or anything else vague like that, it should raise suspicion.