The problem with phishing schemes is that anyone can appear to be somebody else—even in emails.
Hackers have become incredibly good at faking email messages, making it look as if an email came from a colleague or co-worker. Hackers are also good at pretending to be banks, government agencies, well-known brands, and other entities that we feel inclined to trust. These dangers open the door to data breaches, identity theft, and other costly threats.
How to Spot a Phishing Email: 4 Key Strategies to Teach Your Employees
The first step to fighting phishing scams and the data breaches they can cause is to remind your employees that they need to be vigilant. We all have our blind spots when it comes to email: things that we trust at face value without even thinking about it. If you see an email that appears to be from a family member or the IRS, would your first reaction be “This could be fake”? Probably not. To remain safe in today’s online environment, we all should adopt a “trust but verify” strategy.
Training your employees to be skeptical about the email messages they receive will arguably be the most difficult part of fighting phishing. Luckily, there are a few strategies you can give your team members to help them identify fake and dangerous email messages.
Here are the top tactics for spotting a phishing email:
1. Watch out for emails that ask for money or personal information
Passwords, payments and personal information are the “Three Ps” of phishing scams. If you receive an email asking you to share your passwords or sensitive information, or urging you to make a payment out of the blue (the latter approach is popular among IRS and tax-related phishing emails), you should be on high alert immediately. Don’t comply with the sender’s request. Instead, look for other suspicious signs.
2. Be cautious about links and attachments
In office environments, workers exchange website links and attachments all the time. Sending these items via email is often the best way to collaborate on projects and share information. If you receive an unsolicited email with an attachment or hyperlink, you should be cautious. As with requests for passwords, payments, or personal information, unsolicited links or attachments should trigger a more in-depth inspection of the email.
3. Check the sender’s email address
An email display name is a phishing attacker’s best friend. When an email comes into your inbox and the display name is a person or organization that you know, the impulse is to let your guard down. Email display names, however, are easy to fake. What can’t be faked is the email address itself. As such, if you have reason to be suspicious about an email, the first thing you should do is double-check where it came from. If the display name says the email came from a coworker but the email address doesn’t match the coworker’s work address, the email is probably a phishing scam. The same is true for emails that claim to be from your bank or the IRS but come from Yahoo, Hotmail, or Gmail addresses.
4. The tone or spelling of the email is off
We all know how our friends, loved ones, and colleagues talk and write. Employees should be trained to assess the tone of an email. If it doesn’t seem like the tone of the email matches the usual “voice” of the supposed sender, there is a good chance it is a counterfeit. Scam emails will often read like they were written by someone who doesn’t speak English as their native language. Awkward sentences, grammar errors, and misspellings, then, can all be signs of a phishing scam.
5. Generic greetings
One of the quickest ways to spot a phishing email is to look for a generic greeting. Phishing scams will often use generic salutations (such as “Dear Customer,” “Dear Sir/Madam,” or “To Whom It May Concern”) instead of more personal greetings. Of course, some hackers are more sophisticated and have devised ways to insert customer names into their email greetings. However, if you do see a generic salutation of this ilk, it should at very least put you on high alert.
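The tactics above are things a person checks by eye, but tactics 1, 2, 3 and 5 (the “Three Ps”, links and attachments, sender address versus display name, and generic greetings) can also be turned into an automated triage pass that a mail gateway or help desk script runs over a suspicious message. The following is an added example written for this article, not code from the article’s author; it uses only the Python standard library. The trusted domain (example-corp.com), the known-contact table, the free-mail domain list and both sample messages are constructed assumptions for the demonstration. Tactic 4 (tone and spelling) is deliberately left to the human reader, since it needs knowledge of how the supposed sender normally writes.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: claims to come from a payroll colleague but originates from a
# free webmail domain, asks for a password and bank details, opens with a generic
# greeting, and carries a link whose visible text differs from its real destination.
SAMPLE_PHISH = """\
From: "Dana Reyes (Payroll)" <dana.reyes.payroll@hotmail.com>
To: employee@example-corp.com
Subject: Urgent: confirm your payroll password
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Please confirm your password and bank details today by clicking
<a href="http://login-verify.example.net/">https://hr.example-corp.com/login</a>.</p>
</body></html>
"""

# Constructed sample: an ordinary internal message that should raise no flags.
SAMPLE_BENIGN = """\
From: "Dana Reyes" <dana.reyes@example-corp.com>
To: employee@example-corp.com
Subject: Q3 slides
Content-Type: text/plain; charset="utf-8"

Hi Sam,

Here are the notes from Tuesday. See you at 3.
Dana
"""

# Assumed organisation data: its own domain and the colleagues it expects mail from.
TRUSTED_DOMAIN = "example-corp.com"
KNOWN_CONTACTS = {"dana reyes": TRUSTED_DOMAIN}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
THREE_PS = re.compile(r"\b(password|passcode|wire transfer|payment|bank details|ssn|social security)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*(dear (customer|sir/madam|user|member|valued)|to whom it may concern)", re.I | re.M)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def assess(raw):
    """Return a list of (flag, detail) red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []

    # Tactic 3: compare the display name's claimed identity with the address domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    name_key = re.sub(r"\s*\(.*?\)", "", display).strip().lower()  # drop "(Payroll)"-style suffixes
    expected = KNOWN_CONTACTS.get(name_key)
    if expected and domain != expected:
        flags.append(("name-domain-mismatch", f"'{display}' sent from {domain}, expected {expected}"))
    if domain in FREEMAIL_DOMAINS:
        flags.append(("freemail-sender", domain))

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", content)  # crude tag strip so greeting/keyword checks see prose

    # Tactic 1: the "Three Ps" (passwords, payments, personal information).
    terms = sorted({m.group(0).lower() for m in THREE_PS.finditer(text)})
    if terms:
        flags.append(("three-ps", ", ".join(terms)))

    # Tactic 5: generic salutation instead of a personal one.
    if GENERIC_GREETING.search(text):
        flags.append(("generic-greeting", GENERIC_GREETING.search(text).group(0).strip()))

    # Tactic 2: links whose visible URL points somewhere else, and any attachments.
    if body is not None and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(content)
        for href, shown in collector.links:
            shown_host, real_host = urlparse(shown).hostname, urlparse(href).hostname
            if shown_host and real_host and shown_host != real_host:
                flags.append(("link-mismatch", f"shows {shown_host} but points to {real_host}"))
    for part in msg.iter_attachments():
        flags.append(("attachment", part.get_filename() or "unnamed"))

    return flags


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, assess(sample))
```

Run stand-alone, the script prints five flags for the constructed phishing sample and none for the benign one. Two caveats matter in practice: the address in the From header can itself be forged unless the receiving mail system enforces SPF, DKIM and DMARC, so this check is a triage aid that complements authentication results rather than replacing them; and a sophisticated phish that uses a real name, a look-alike domain and a personalised greeting will pass every automated check here, which is exactly why the human training described in the article is still the first line of defence.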
These strategies certainly aren’t the only ones that your team can use to spot phishing scams, but they do highlight some of the most common characteristics of dangerous emails. Focusing on these red flags in your employee training sessions should help keep your team members on high alert. Hopefully, the training will pay off and help your business avoid phishing scams and their associated costs.