While antivirus programs can keep you safe from unwanted privacy invaders, phishing emails can trick you into handing over crucial information. There can be many different types of phishing emails that strike en masse or specific targets, using different ruses and methods to steal data. Many of these emails and pop-up ads that float around your screen are designed to send you to a malicious website that may either steal your login credentials when you submit them or cause you to unknowingly download malware.
Extensions like ad blockers can go a long way in keeping those pop-ups out of your view and away from your cursor. There are also ways you can identify dangerous websites, by using online web inspectors and URL risk analyzers. Alongside that, it's also important to be very cautious when clicking URLs and downloading attachments sent in seemingly inconspicuous emails. The email address from which the email has been sent, the syntax, and the language of the email, can all be clues as to whether or not you’re dealing with a phishing email. Make sure to keep these tips in mind every time you open an email.
Many phishing emails do whatever is needed to ensure their emails look as close to the real deal as possible. Don’t be taken in by an email with a legit corporation logo. Make sure to look at the details of the mail.
(Source)
Most legitimate companies don’t usually send attachments without letting you know. If you receive an attachment, contact the company to determine whether it's real before downloading it.
(Source)
When an email provides a link to follow, hover your cursor over the link to see if the actual URL is the one provided in the mail. Phishing emails may switch the URLs to send you to malicious websites. It is usually better to go to the original website directly. The same rule should be applied to mails that specify urgent action needed.
Most reputable companies and financial institutions like banks and credit card companies don’t make you login directly through the email or through a link. If you receive a mail warning you of a possible breach or issue with your account, open the original website and log in normally.
(Source)
Emails with minimal text and generic attachments may be indicative of a hacker attempting to avoid leaving room for error. They may appear to be texts from co-workers, however, they shouldn’t be opened until the sender has been verified.
(Source)
Some emails may try to impersonate major companies or financial institutions, even the IRS, and send emails warning against inaction and demanding a fee or payment be made urgently. In the case of the IRS, people are coerced into paying a “tax debt”. The IRS typically communicates through post, and in case of online payments, check with the actual company directly.
(Source)
The sender ID is the email address of the sender usually displayed at the top of the email under the subject. Always double check the sender ID for any emails asking you to sign in or approve a change in your account. Verify the domain as well, the last portion of the email address that says “@example.com”.
(Source)
Many phishing emails are launched by non-native English speakers to English speaking countries like the US, so they are likely to have grammar mistakes. Grammatical errors are usually uncommon in official mails from authorized sources and legitimate companies.
(Source)
The way in which the email is signed off can also be an indicator of suspicious activity. Official communication from a company will likely have a specific signature. An official designation along with contact information and company details.
These words are used a lot when it comes to phishing emails, but that is because it is an extremely common practice. While the above tips can help identify most types, there are also phishing emails that are near indistinguishable from the real deal. Keep a steady eye out for any of the above possible red flags, or emails requesting personal information. As much as possible, check with the original source, website, domain, or the company or institution directly before releasing any information, clicking any links, downloading attachments, or making payments.
