By Katie Garner
For those of us non-cybersecurity experts, “phishing” refers to the fraudulent practice of tricking people into giving sensitive information by posing as someone else. You’re probably not a stranger to phishing schemes—it’s the most common type of cyber crime with over 52 thousand cases reported to the U.S. Internet Crime Complaint Center in 2021.
Phishing takes many forms. It could be an email from a big online shopping company telling you that you need to verify your social security number, or a simple text message from a coworker asking you to click a link. Unless you have Security Awareness Training, identifying the inauthentic messages can be risky.
Here are five signs that someone is trying to “phish” you:
1. The Email Doesn’t Know Your Name
Phishers send mass emails to their list of victims using generic greetings. Rather than your name, the email might call you a “dear customer” or a “valued member.” This should be your first hint that something isn’t right.
2. Weird Email Address or Domain Name
Just like with the auto-fill names, phishers often send scam messages using email addresses or links with strange discrepancies, combining domain names with a jumble of letters and numbers.
The message might claim to be from a company like Amazon or Apple, but if you hover your mouse over the email address, the name might be spelled wrong or the domain may include the name of a different company. Even if the email looks pristine, the email address will tell a different story.
3. Requests Confidential Information
This one may seem obvious, but phishers will ask you to relay extremely sensitive information. Your bank will never call you and ask you to say your social security number over the phone. Your accounting department will never ask you for your credit card details over email (and if they do, they may need to do some Security Awareness Training).
Train yourself to be suspicious when a familiar name requests this type of critical information, and then take steps to verify the source.
4. Sends a Link
It’s common for our friends or coworkers to send us links to funny content. However, it’s also one of the top ways that phishers can steal your social username and password. A common scam on Instagram consists of sending a link via Direct Messages that asks users to verify their login credentials, only to immediately change their password and use the account to send malware to friends and family.
To avoid this type of scam, verify the sender and hover over the link to check that the destination is correct.
5. Suspicious Attachments
We receive email attachments all day long at work, but not all attachments are created equal. Once downloaded, these file attachments can install botnets or ransomware on your computer. Make it your policy to double-check the authenticity of odd attachments by messaging the sender in a separate email or phone call.
All it takes is one security breach to compromise your business data. Training employees to recognize the signs of phishing defines the difference between secure companies and vulnerable ones, so ensure your employees have Security Awareness Training before it’s too late.