Phishing Red Flags
What should you look for to ensure you and your employees do not respond to fraudulent emails?
Phishing continues to be one of the top ways that criminals target companies. By preying on employees who may be undereducated in cybersecurity, criminals find ways to access information and hack into systems. We've compiled some of the red flags to look for when you receive an email, so you can assess whether it could be a phishing attempt. We recommend that if you are at all suspicious, you double-check the source before clicking, downloading, or replying with any sensitive information. We also highly encourage employers to forward this information to all employees within their organization to ensure education of all users.
Unofficial "From" address - When receiving an email, you should always double-check the sender's email address before clicking links, downloading files or responding with sensitive information. Criminals regularly set up fraudulent email accounts that appear to be from a person in your organization, but when you check the actual address sending the message, you will see it is a spoofed email account instead of the correct company account.
Urgent Action Required - Criminals use urgency to get targets to react quickly and often without thinking. If an email comes through and wants you to do something right away while stressing urgency, it is best practice to call the person making the urgent request and double-check that they are actually making the request before responding.
Generic Greeting - Emails that come through with generic and unspecific titles are a red flag. In a corporate setting, most emails will come through with a title that makes you aware of the subject in the email. If the title is generic, be extra cautious and make sure there are no other red flags before responding.
Link to fake website - When a website link is sent to you via email, it is best practice to check the link very closely before clicking. Criminals will sometimes use links that are very close to the real address (sometimes off by only one letter or punctuation point) to guide you, unknowingly, to the incorrect site.
File downloads you weren't expecting - If you receive emails containing downloads that you did not ask for or were not expecting, it is best practice to double-check with the source before downloading. Criminals can include malware in downloads and just by downloading the file, you can do harm to your system.
Asking for personal information - Any company asking for personal information via email is a red flag. Most legitimate companies will instruct you to use a form directly through their secure site or call you over the phone to request sensitive information.
Poorly written - If an email is poorly written or uses improper grammar, proceed with caution. Many criminals are not fluent English speakers and use broken English when sending phishing emails.
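For mail administrators, the "From" address and fake-link red flags above can be partly automated. The following is an added example, not part of the original article: it flags a sender domain or link host that is exactly one character away from a domain you trust. The trusted list, the sample message and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains your organization really uses.
TRUSTED = {"example.com", "pay.example.org"}
URL_RE = r"https?://[^\s\"'<>]+"

# Constructed sample message: lookalike sender plus one good and one bad link.
SAMPLE = """From: "IT Support" <helpdesk@Examp1e.com>
To: user@example.com
Subject: Urgent: password expires today

Reset at https://example.com/reset or pay at http://pay-example.org/login
"""

def within_one_edit(a, b):
    """True if a and b differ by exactly one changed, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED:
        return None
    return next((g for g in sorted(TRUSTED) if within_one_edit(domain, g)), None)

def check_message(raw):
    """Return (where, seen_domain, imitated_domain) for the From address and links."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hosts = [urlsplit(u).hostname or "" for u in re.findall(URL_RE, body)]
    findings = []
    for where, dom in [("from", sender)] + [("link", h) for h in hosts]:
        good = lookalike_of(dom)
        if good:
            findings.append((where, dom.lower(), good))
    return findings
```

A one-character check only catches the closest imitations; it complements, and does not replace, verifying the sender through a separate channel.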
If you have any questions or are worried you may have already responded in some way to a fraudulent email, we encourage you to reach out to tech support immediately. You can contact us at firstname.lastname@example.org or 800-358-7447.
Continue User Cybersecurity Education with our *FREE* Security Awareness Training