The Email Encourages A Sense Of Urgency
- Click this now to stop your Amazon account from being deactivated!
- Make this payment today to avoid debt collection activity!
- Please click to confirm your security details
Of course, other scam attempts, such as outright blackmail, will always come with a sense of urgency. But those trying to establish confidence and, therefore, legitimacy will usually adopt the disguise of a known brand, such as Amazon. For businesses, there are numerous fake emails pretending to be sent from government tax departments.
Speaking of big names, the top-ten brands phishers used as a disguise in 2020 were:
So be particularly attentive when you receive suspicious, urgent, or threatening emails from these companies.
How Phishing Emails Affect cPanel Users
With cPanel & WHM powering more than 1/3 of the websites on the internet, cPanel users are some of the easiest targets out there. We take steps to help end users more easily weed out some of the obvious offenders by using strict SPF records, but that doesn't prevent all attacks. Education, reporting, and mitigation are key to reducing the effectiveness of these attacks.
In Conclusion: Best Ways To Spot A Phishing Email
Being knowledgeable about the dangers of phishing email scams and how to spot them is extremely important in today's day and age. Keeping your information safe is of the utmost importance, so try to keep this motto in mind: when in doubt, throw it out. If you feel like it's a phishing scam, it's always better to be safe than sorry. Hopefully this post gives you a better understanding of the best ways to detect a phishing email.
Check out an infographic on 5 Ways to Spot a Phishing Email here.
Update Your Software Now
We secure our valuables: our wallets, keys, and homes. We know that, if left unsecured, they can easily be a target for criminals. So it makes sense to think the same way about the information stored on all our devices.
Computers, tablets, phones and other personal devices hold your emails and your financial and tax documents. Criminals who get access to this valuable information can commit identity theft, put harmful software on your devices, or both.
What's one easy way to help protect all of this sensitive information? Update your software regularly, and as soon as possible when a newer version comes out. What's an even easier way? Set the updates to happen automatically. Don't ignore reminders to update. Criminals look to exploit vulnerabilities before the software companies can fix them. Delaying gives hackers time to access your information even when a patch is out there to lock them out.
So what software should you be updating?
What To Do If You Were Scammed
If you paid a tech support scammer with a credit or debit card, you may be able to stop the transaction. Contact your credit card company or bank right away. Tell them what happened and ask if they can reverse the charges.
If you paid a tech support scammer with a gift card, contact the company that issued the card right away. Tell them you paid a scammer with the gift card and ask if they can refund your money.
If you gave a scammer remote access to your computer, update your computer's security software. Then run a scan and delete anything it identifies as a problem.
If you gave your user name and password to a tech support scammer, change your password right away. If you use the same password for other accounts or sites, change it there, too. Create a new password that is strong.
Avoid Tech Support Refund Scams
If someone calls to offer you a refund for tech support services you paid for, it's likely a fake refund scam. How does the scam work? The caller will ask if you were happy with the services you got. If you say, "No," they'll offer you a refund. In another variation, the caller says the company is giving out refunds because it's going out of business. No matter their story, they're not giving refunds. They're trying to steal more of your money. Don't give them your bank account, credit card or other payment information.
It Links To An Unfamiliar Or Misspelled Email Address
For the same reason that scammers are forced to use bogus email domain names, they must also use fake domain names when directing victims to their website.
As such, the supposed destination of the URL won't match the context of the message. For example, if the email is from Netflix, the link should begin www.netflix.com/. If that isn't the case, you should presume that the message is a scam.
Sometimes scammers attempt to get around this by hiding their links in buttons that say, for instance, "click here".
However, if you hover your cursor over the button, the URL will appear in the bottom left corner of your screen, allowing you to see whether it's genuine or not.
Is Your Organisation Prepared
As sophisticated as cyber criminals' attacks are, there are always clues that can help you stay safe. The hard part is memorising these tricks.
To help you and your staff do this, we've created the Phishing Challenge E-learning Game.
It contains a variety of phishing problems across a range of business scenarios and industries. Players are asked to spot the real emails from the scams, and to identify the giveaways on malicious messages.
Are you looking for more traditional staff awareness training? Our Phishing Staff Awareness Course teaches you everything you need to know in just 45 minutes.
The content is updated quarterly to cover the latest attack methods, so you can be sure that you're one step ahead of scammers.
A version of this blog was originally published on 12 June 2019.
Why Socially Engineered Phishing Emails Are So Effective
It's actually quite scary how much you can find out about an individual on the Internet without having to hack databases or trick somebody into divulging confidential information. Hackers can quickly accumulate personal information from social media sites, professional profiles and other online publications in order to identify the triggers that people respond to.
It would not be too difficult to find details of an employee's children, the school they attend, and an event happening at the school, in order to send the parent an email inviting them to click on a link or open an attachment about their child's participation in the event. With the advent of Machine Learning and Artificial Intelligence, phishers will be able to collate this information much more quickly in the future.
The Message Appears To Be From A Government Agency
Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.
I can’t tell you how government agencies work outside the United States. But here, government agencies don’t normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They don’t engage in email-based extortion–at least, not in my experience.
If You Receive A Phishing Email
Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization’s website from your own saved favorite, or via a web search. Or call the organization using a phone number listed on the back of a membership card, printed on a bill or statement, or that you find on the organization’s official website.
If the suspicious message appears to come from a person you know, contact that person via some other means such as text message or phone call to confirm it.
Report the message.
How To Recognize A Phishing Email: Simple Tips
Let's wrap things up with some summarized tips on how to avoid phishing emails:
- When in doubt, directly contact the organization that supposedly emailed you instead of opening links included in suspicious emails.
- Examine suspicious emails carefully to check for telltale signs of phishing, such as poor grammar, grainy logos, or bogus links.
- If you accidentally click a phishing link, don't enter any data, and close the page.
- If you think phishing scammers are targeting you, run a virus scan, back up your files, and change all your passwords.
How To Avoid Getting Caught In A Phishing Net
Always be suspicious. Phishing emails try to freak you out with warnings of stolen information or worse, and then offer an easy fix if you just “click here.” When in doubt, don’t click. Instead, open your browser, go to the company’s website, then sign in normally to see if there are any signs of strange activity. If you’re concerned, change your password.
Check for bad spelling and grammar. Most of the missives that come from outside the US are riddled with spelling mistakes and bad grammar. As I noted earlier, big companies hire professionals to make sure their emails contain perfect prose. If you’re looking at one that doesn’t, it’s almost certainly a fake.
Beef up your browser. An accidental click of a phishing link doesn’t have to spell disaster. McAfee SiteAdvisor and Web of Trust are free browser add-ons that will warn you if the site you’re about to visit is suspected of malicious activity. They’re like traffic cops that stop you before you turn down a dangerous street.
Use your phone. If you’re checking email on your phone, it might actually be harder to spot a phishing attempt. You can’t “mouse over” a questionable link, and the smaller screen makes you less likely to spot obvious gaffes. Although many phone browsers are immune from harmful sites and downloads, it’s still good to exercise caution when dealing with suspicious links. Android users in particular should be aware of the potential risks.
Learn To Spot A Phishing Message
Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages, direct messages on social media or in video games, to get people to respond with their personal information. The best defense is awareness and knowing what to look for.
Here are some ways to recognize a phishing email:
Tip: On Android long-press the link to get a properties page that will reveal the true destination of the link. On iOS do what Apple calls a “Light, long-press”.
Mismatched email domains – If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like Yahoo.com or microsoftsupport.ru, it’s probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name, like micros0ft.com, where the second “o” has been replaced by a 0, or rnicrosoft.com, where the “m” has been replaced by an “r” and an “n”. These are common tricks of scammers.
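The substitutions above (0 for o, rn for m) can be caught mechanically by reducing a domain to a "skeleton" in which confusable characters are folded together. The following Python example is an added illustration, not code from the original page; the confusables table is a small assumed subset and the trusted list is a placeholder to be replaced with the domains you actually deal with.

```python
# Assumption: the domains the reader genuinely corresponds with.
TRUSTED = {"microsoft.com"}

# Assumed, deliberately small table of look-alike substitutions.
# Multi-character pairs come first so "rn" is folded before single characters.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Fold visually confusable sequences so look-alikes compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def sender_domain(address):
    """Domain part of 'Name <user@domain>' or 'user@domain'."""
    return address.rsplit("@", 1)[-1].strip("> ").lower()

def classify(address, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'brand-in-other-domain' or 'unrelated'."""
    domain = sender_domain(address)
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    folded = skeleton(domain)
    for t in trusted:
        if folded == skeleton(t):
            return "lookalike"              # e.g. micros0ft.com, rnicrosoft.com
        if t.split(".")[0] in folded:
            return "brand-in-other-domain"  # e.g. microsoftsupport.ru
    return "unrelated"

# Constructed sample senders, using the domains named in the text above.
SAMPLES = [
    "Account Team <no-reply@microsoft.com>",
    "Security <alert@micros0ft.com>",
    "Security <alert@rnicrosoft.com>",
    "Help Desk <help@microsoftsupport.ru>",
    "someone@yahoo.com",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{classify(sender):22} {sender}")
```

An "unrelated" result is not a clean bill of health: a message claiming to be from Microsoft but sent from a Yahoo.com address is still the mismatch described above.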
Cybercriminals can also tempt you to visit fake websites with other methods, such as text messages or phone calls. Sophisticated cybercriminals set up call centers to automatically dial or text numbers for potential targets. These messages will often include prompts to get you to enter a PIN number or some other type of personal information.
Ways To Spot Phishing Email
Socially engineered phishing emails often evade detection by email filters due to their sophistication. They have the right Sender Policy Frameworks and SMTP controls to pass the filter's front-end tests, and are rarely sent in bulk from blacklisted IP addresses to avoid being blocked by Realtime Blackhole Lists. Because they are often individually crafted, they can even evade detection from advanced email filters with Greylisting capabilities.
However, phishing emails often have common characteristics: they are frequently constructed to trigger emotions such as curiosity, sympathy, fear and greed. If a workforce is advised of these characteristics and told what action to take when a threat is suspected, the time invested in training a workforce in how to spot a phishing email can thwart attacks and network infiltration by the attacker.
1. Emails Demanding Urgent Action
Emails threatening a negative consequence, or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.
2. Emails with Bad Grammar and Spelling Mistakes
3. Emails with an Unfamiliar Greeting or Salutation
4. Inconsistencies in Email Addresses, Links & Domain Names
5. Suspicious Attachments
6. Emails Requesting Login Credentials, Payment Information or Sensitive Data
7. Too Good to Be True Emails
What Happens If You Click A Link In A Phishing Email
Never click links in suspicious emails. If you click a link you suspect a phishing scammer sent, the link will take you to a web page with a form where you can enter sensitive data such as your Social Security number, credit card information, or login credentials. Do not enter any data on this page.
Look For Suspicious Attachments Or Links
Unless you're anticipating a file, never download anything attached to an email. Hackers often disguise malware as legitimate files. Once downloaded, these files not only threaten your data but the data of anyone on your network. The same goes for suspicious links.
Always check the URL before clicking the link. Legitimate links will be hosted on the domain name of the company sending the email.
PRO TIP: On a mobile device and unsure how to see the link before clicking? Hold down your finger on the link until the destination pops up to see the URL before you visit.
The Message Makes Unrealistic Threats
Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam. Let me give you an example.
About 10 years ago, I received an official-looking letter that was allegedly from US Bank. Everything in the letter seemed completely legit except for one thing. The letter said my account had been compromised and that if I did not submit a form along with two picture IDs, my account would be canceled and my assets seized.
I’m not a lawyer, but I’m pretty sure that it’s illegal for a bank to close your account and seize your assets simply because you didn’t respond to an email message. Not only that, but the only account I had with US Bank was a car lease. There were no deposits to seize because I did not have a checking or savings account with the bank.