Scam artists – sneaky, deceitful, intentional – whether it’s someone on the street, the phone or online. We’ve all been exposed, or worst have been a victim of a scam. Today, modern pickpocketers have carefully orchestrated phishing emails designed to manipulate and target people’s instincts. That leaves us to be educated on how to spot phishing emails.
The right inbox mentality
How many unread emails do you have right now? Our inboxes are consistently bombarded with new messages. With that, you must open your inbox with an attentive mentality. A successful phishing email has the victim complete an action – enter login information, wire money, purchase gift cards, etc. When you’re not focused and vigilant your risk greatly increases.
After a quick scroll through hundreds of emails, it is easy to glance over one and think it is legitimate. Especially when you think it’s from a trusted source – Amazon, your boss or even the CEO.
Bottom line is that you need to minimize distraction when you decide to tackle your inbox strategically and safely.
How to spot phishing emails
There’s a checklist of criteria to evaluate each email to determine if it is legitimate once you’re in your inbox. Some are more obvious than others, but you should always check:
- Inconsistent domains, links and email addresses.
Look for slight changes in well-known domains and see if link URLs are consistent with the sender domain.
- Poor spelling and grammar.
Bad actors often strategically use poor grammar and misspellings to filter out the more critical people, leaving those who act more likely to complete the desired action.
- Suspicious demand for action.
Think it is odd that your password is being requested via email link, or that your boss wants you to buy 10 gift cards from a website? It probably is.
- Request from a vendor to an unassociated email address.
Know which email address is associated with each account. Be wary of requests to non-associated addresses.
- Unexpected attachments or email.
Not expecting to hear from someone or to see an attachment? Follow your instincts and be suspicious.
And tactics are ever-evolving. Stay up-to-date on the latest methods to always be prepared. Attackers prey on and manipulate human instinct and emotion. The more exposure you have to evolving tactics, the more prepared you will be to spot them. Also, consider having your organization implement anti-phishing and user awareness training programs to collectively educate all users.