Are you easy bait? Are your employees easy bait? Phishing emails are still one of the easiest ways for cyber criminals to get your valuable and personal information.

A phishing attack is when a cyber criminal attempts to trick someone into giving up the information the criminal wants to steal by sending fake emails that appear to be real. The email will appear to come from a business, a coworker, or your boss, and it looks to be from an authentic source, but unfortunately it is not. The email might ask you to confirm personal account information, such as a password, or prompt you to open a malicious attachment that infects your computer with a virus or malware. Phishing emails are one of the most common online threats because they work. It is so important that you and your employees know some of the telltale signs so you can avoid becoming bait. Here are 5 ways to spot phishing attacks.

1. The email asks you to confirm personal information.

Often an email will arrive in your inbox that looks very authentic. Whether this email matches the style used by your company or that of an external business such as a bank, hackers can go to painstaking lengths to ensure that it imitates the real thing. However, when this authentic-looking email makes requests that you wouldn’t normally expect, it’s often a strong giveaway that it’s not from a trusted source after all.

Keep an eye out for emails requesting you to confirm personal information that you would never usually provide, such as banking details or login credentials. Do not reply or click any links. If you think there’s a possibility that the email is genuine, search online and contact the organization directly. NEVER use any communication method provided in the email.

2. The web or email address looks odd.

It is often the case that a phishing email will come from an address that appears to be genuine. Criminals aim to trick recipients by including the name of a legitimate company within the structure of email and web addresses. If you only glance at these details they can look very real but if you take a moment to actually examine the email address you may find that it’s a bogus variation intended to appear authentic ‒ for example: @Fedex.mail as opposed to

Malicious links can also be concealed within the body of the email text, often alongside genuine ones. Before clicking on links, hover over and inspect each one first.

Also, in an email, hover over the From display name to see what email address pops up. It’s very common for an attacker to spoof a display name so that the message looks like it is coming from a legitimate source. If you hover over the display name you can see what email address it actually came from.
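The two hover checks in sign 2 (the From display name and each link) can also be run automatically by a mail filter or triage script. The Python below is an added example, not part of the original article; the brand-to-domain map, the sample message and every domain in it are constructed assumptions, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank": "examplebank.com"}  # assumption: brand -> its real domain
# Constructed sample message; every name and domain in it is made up.
SAMPLE = '''From: "ExampleBank Support" <alerts@examplebank.mail-check.example>
Content-Type: text/html

<p>Sign in at <a href="https://login.mail-check.example/verify">https://www.examplebank.com/verify</a>
or read the <a href="https://www.examplebank.com/help">help page</a>.</p>
'''

def host_of(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL: treat as having no host
        return ""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_message(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domain in TRUSTED.items():
        trusted = ("." + sender_host).endswith("." + domain)  # domain or subdomain
        if brand in name.lower().replace(" ", "") and not trusted:
            findings.append(f"display name claims {brand} but sender is {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in collector.links:
        real, shown = host_of(href), host_of(text if "://" in text else "//" + text)
        if "." in shown and " " not in shown and shown != real:
            findings.append(f"link text shows {shown} but goes to {real}")
    return findings
```

Running `check_message(SAMPLE)` flags both the spoofed display name and the link whose visible address differs from its real destination, while the ordinary "help page" link is left alone.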

3. The email is poorly written.

It is amazing how often you can spot a phishing email simply by the poor language used in the body of the message. Read the email and check for spelling and grammatical mistakes, as well as strange turns of phrase. Emails from legitimate companies will have been constructed by professional writers and checked for spelling and grammar errors. If you have received an unexpected email from a company, and it has mistakes, this can be a strong indicator it is actually a phish.

4. There is a suspicious attachment.

You should be wary if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected. The attachment could contain a malicious URL or Trojan, leading to the installation of a virus or malware on your PC or network. Even if you think an attachment is genuine, it’s good practice to always scan it first using antivirus software.

5. The message is designed to make you panic.

It is common for phishing emails to try to panic the recipient. The email may claim that your account may have been compromised and the only way to verify it is to enter your login details. It is also common for the email to state that your account will be closed if you do not act immediately. Ensure that you take the time to really think about whether an email is asking something reasonable of you. If you’re unsure, contact the company through other methods. Go to their website and call their customer service number to inquire if the request is legitimate.

The unfortunate reality is that if you are in doubt, you should assume the email is malicious. It is always better to be safe than sorry. It is also best practice to make sure your employees know how to spot a phishing email.

We provide phishing tests and training to many Central Ohio businesses. It is an easy, affordable and effective method to teach your organization to avoid phishing emails. For more information or a quote for this service, contact us today.