How to Spot and React to a Phishing Email

What is a Phishing Email? 

Phishing (pronounced: fishing) is an attack that attempts to steal the target's money (or identity) by getting them to reveal personal information. As phishing attacks are rising, learning how to spot and report them is essential. 

Emails you should be cautious about:

1. Emails Demanding Urgent Action

Be on your guard whenever you receive an email asking you for immediate action. Attackers often use this approach to rush recipients into action before they even take the time to study the email for potential flaws or inconsistencies.

2. Inconsistencies in Email Addresses, Links & Domain Names

 If the domain name (after the "@" symbol) matches the apparent sender of the email, the message is probably legitimate; if not, it's almost certainly a scam.

Be cautious of public email domains (such as "@gmail.com"). Attackers might use a company's name before the "@," so please remember that the critical part of the address is what comes after the "@" symbol. Only this part of the email address can indicate the organization from which the email has been sent.

Last but not least, make sure the email address is spelled correctly. Phishing emails often use email addresses very similar to legitimate ones, with minor spelling errors (such as one different letter).

3. Emails containing Suspicious Attachments

 Nowadays, most organizations share work-related files via collaboration tools such as Google Drive or Dropbox. Please always treat internal emails with attachments suspiciously, especially if they have an unfamiliar extension or one commonly associated with malware (.zip, .exe, etc.).

4. Emails Requesting Login Credentials, Payment Information, and other Sensitive Data

Emails requesting sensitive data should always be treated cautiously, especially from an unexpected or unfamiliar sender. Spear phishers can forge login pages to look similar to the real ones and send an email containing a link that directs the recipient to the fake page.

What to do when you are unsure it is a phishing email?

#1 Never click any links or attachments in suspicious emails.

#2 If the suspicious message appears to come from someone you know or from an organization you've been contacting:

1. Check the sender's address against previous emails from the same organization first;

2. Contact that person via other means, such as text messages or phone calls to confirm it.

#3 Get help from your IT Support

Report the email and wait for further instructions. When reporting the email, make sure you send it as an attachment, do not just forward it. It is crucial to ensure that all the necessary information is included.

Are you looking for an IT Provider? Learn more about how we can help right here.