Phishing emails are fast becoming one of the most frequent and easily-carried out cyber crimes. Unfortunately as these types of scams become more sophisticated, more and more people are falling victim. Even worse, if you find yourself accidentally clicking on a dodgy link, the impact of exposing your personal or work information can be long term and far reaching. So how do you spot a phishing email and how can you protect yourself from falling prey to these online scams?
What Is Phishing Email?
Let’s start by taking a look at what phishing actually is. It’s usually carried out by email but increasingly we’re seeing phishing scams using messaging and social media apps. Scammers impersonate legitimate organisations to steal valuable data. The goal is to persuade you of the need to take some urgent action such as clicking a link in the email or downloading an attachment. The message may use scare tactics such as “your account has been frozen” or inform you that you have “won something” or “been selected to take part’ in something as a means of inducing you to take the required action.
Once you do you will usually be taken to a fake webpage where you may be asked to confirm usernames, passwords, bank details, date of birth or other sensitive information. It’s important to recognise that anyone can fall victim to phishing attacks including individuals, small business, large organisations and even Government agencies. The damage can include everything from identity theft to corporate fraud and stealing company data to use on the dark web or for blackmail.
Phishing is also a popular method for cyber criminals to install malware on your computer. Downloading documents or clicking links can initiate the installation of malicious and damaging software such as ransomware. This form of attack costs Australian businesses millions of dollars every year, not just in paying ransoms to criminals to unlock their business data but in the time and lost revenue from having their systems disabled for any period of time.
How To Protect Your Email From Phishing?
Now you are aware of the different guises that scammers use to ‘phish’ for data, you can start to protect yourself better and avoid falling prey to these criminals. One of the key things to remember is that legitimate businesses will never ask you to supply sensitive information via email. If you receive an unsolicited email from a business that asks for sensitive information and provides a link or attachment, the chances are it’s a scam.
There are also some other ‘easy to spot’ giveaways that an email or message may not be from a legitimate source. Some of the things to be on the lookout for include:
- Domain names that are misspelt or contain erroneous characters e.g. instead of [email protected] you might see [email protected]
- Even more obvious is if an email comes from a public domain e.g. @gmail.com
- Emails that are not personalised or contain generic greetings such as ‘Dear valued customer’ or ‘To the account holder’.
- Take a very close look at the logo contained in the email and compare it to the website of the brand the message claims to come from. If it doesn’t look exactly the same, be very wary of clicking any links.
- Bad spelling and grammar should also set alarm bells ringing.
- Double check the url of links in messages. If the link in the text isn’t identical to the URL displayed as the cursor hovers over the link, it’s likely going to take you to a fake website.
And if you do realise after clicking a link that it was a phishing email, the best thing you can do is to change all your passwords immediately. And if you happen to work for an organisation, alert your IT support as quickly as possible to try to minimise the damage as quickly as possible.