Email Security: Essential Tips to Protect Yourself from Phishing Scams
You have just received an email. It looks legitimate and you want to click the link in the message, but how do you know that it’s not a phishing scam that could lead you to give away personal information, money, or access to your accounts? Phishing scams are becoming increasingly common, so online users must know how to identify a phishing email instead of falling victim to it.
Did you know that malicious actors can easily forge an email address? This is called email spoofing and it can make identifying phishing scams incredibly difficult. Forged email, or spoofed email, is a technique used by malicious actors to commit fraud. The purpose of forging or spoofing an email, as the name suggests, is to make a fake message appear legitimate. Spoofed emails are the cornerstone of phishing attacks.
A spoofed email is a message that a malicious actor creates with a forged sender address, with the intent of deceiving the recipient into believing the email originated from a familiar source. Malicious actors use spoofed email to impersonate an organization or an individual, such as a supervisor, and trick users into taking some type of action. The technique works because a potential victim is more likely to interact with the content of an email if they are familiar with the sender.
There are various types of email spoofing. Malicious actors can either spoof the entire email address or just the domain name. Fortunately, there are things you can do to help determine if an email is coming from a legitimate email address or a spoofed email address.
Check Domain Names
It’s easy to check only the name of the person sending you the email and assume the message is legitimate, but you should do more than check the name of the sender. Check the sender’s email address by hovering your mouse over the email address in the ‘From’ field. Look for any alterations in the email address, such as extra numbers and letters.
Look at the differences between these email addresses as an example of an email address that has been altered: firstname.lastname@example.org and email@example.com. If you are not sure what the domain of the actual sender should be, you can always take action to determine what the legitimate email domain is. You may be able to use Google to search for the organization and the email domain it uses. If you have received emails from the individual or organization in the past, you can always check the other emails you have received from that individual or organization.
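The same check can be done on the raw message instead of by eye. The following is an added example, not part of the original article: it reads the ‘From’ header, ignores the display name, and compares the address domain with domains seen in earlier mail from the sender. The `KNOWN_DOMAINS` list, the 0.8 similarity threshold and the sample messages are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains taken from earlier, trusted mail from this sender.
KNOWN_DOMAINS = {"example.org"}

def domain_of(address: str) -> str:
    """Lower-cased part after the last '@', or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def classify_sender(raw_message: str, known=KNOWN_DOMAINS) -> str:
    """Judge the From header by its address, not by the display name."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    if not domain:
        return "no-address"
    # The display name is free text; if it shows an address from another
    # domain than the real one, the name is hiding the true sender.
    shown = domain_of(display)
    if shown and shown != domain:
        return "display-mismatch"
    if domain in known:
        return "known"
    # Nearly identical to a known domain (an extra digit or letter).
    if any(SequenceMatcher(None, domain, good).ratio() >= 0.8 for good in known):
        return "lookalike"
    return "unknown"

# Constructed sample messages (headers only).
SAMPLES = {
    "genuine": "From: Jane Doe <jane.doe@example.org>\n\nHi",
    "altered": "From: Jane Doe <jane.doe@examp1e.org>\n\nHi",
    "masked": 'From: "jane.doe@example.org" <jane.doe@mailer.invalid>\n\nHi',
    "stranger": "From: Jane Doe <jane.doe@mailer.invalid>\n\nHi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_sender(raw))
```

A "known" result only means the address matches earlier mail; because the address itself can be forged, the other checks in this article still apply.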
Check for Spelling Errors
One of the best ways to recognize a phishing email is to look for spelling and grammar mistakes. An email from a legitimate source, especially if the email comes from an organization or business professional, should be well-written. There is something important to know: there is a purpose behind bad email structure. Malicious actors are smart. They go after those whom they believe will be quick to accept an email as legitimate, even if it contains bad syntax. Hackers enjoy going after those who are not familiar with phishing scams and will likely be less observant of grammar errors.
Be Observant of Unsolicited Attachments
If you receive an unsolicited email that contains one or more attachments, you should be on high alert. Legitimate organizations typically don’t send you a random email that contains attachments. Instead, the organization will direct you to their website to download documents or files. However, an organization that already has your email address will sometimes send you a message containing a document (such as a white paper) that you can download. If this is the case, you should know how to spot files that could be high-risk. If you have any suspicions, you can always contact the organization directly using the contact form on their website.
Make Sure URLs Are Legitimate
While a link may appear to point to a certain website, that doesn’t mean it is where you will end up. Always double-check URLs before clicking a link. If the link in the text does not match the URL displayed as you hover your mouse over the link, you can be sure that you will be taken to a website you never intended to visit in the first place. Don’t trust a URL that seems odd or doesn’t match the email’s context. When hovering your mouse over embedded links, take care not to click them. Always make sure any link you click is secure.
Question the Email’s Content
Sometimes the best thing you can do to protect yourself against phishing scams is to trust your instincts. If you receive a message from a source that you believe to be legitimate but the email was unexpected and seems to be out of the ordinary, you should definitely be suspicious. When you receive an unexpected email message, you should certainly question the legitimacy of the message, especially if the content of the message requests information or directs you to click a link or open an attachment.
Before you click anything or respond to an unsolicited message, we advise you to do the following to ensure you do not become a phishing scam victim.
Think about the following:
- Was I expecting to receive this type of email?
- Why am I being directed to download a file or attachment?
- Does the content of the email make any sense?
Inspect the email:
- Are you being requested to take action immediately?
- Does the email contain an unsolicited request for your information?
- Do the greeting and signature appear legitimate and professional?
- Are there any links or attachments that seem suspicious?
If the email you receive appears to be legitimate, but you still have concerns, we advise you to contact the presumed sender through a legitimate phone number or by sending an email message using the sender’s legitimate email address. Do not reply to the sender using the email message that raised the red flags.
For comprehensive and complete email protection and security, contact Colorado Computer Support today. We have the tools, services, and plans that make email security a little easier.