Recently, we talked about the importance of questioning everything when it comes to cybersecurity; telephone calls, websites, text messages, snaps, any of these mediums are a forum for viruses. As the threats continue to change and grow, many people have started to become more aware of how widespread phishing has become. Phishing has grown in popularity, particularly in email. Often an email will fake legitimacy with malicious intent. The scammer may be posing as a legitimate business offering a proposal or rare opportunity. Other times, the email will take the form a friend asking you for help.
The crux of these phishing attacks are usually based around a link that will release malware onto your device if you click it. Luckily, there are some methods you can use to help figure out whether an email is legitimate or not.
Question Intent
Was I expecting an email recently? Is this a person that would normally message me? Does the sender give a valid reason for me to open this link? Is this a business I am subscribed to? These are the kind of questions you should ask yourself. If you have no idea who is contacting you, there is absolutely no reason to open an attachment. It is important to remember that no legitimate company will ever ask you to send credit card or social security numbers to you via email.
Inspect the Email
Scan the text for irregularities. Often phishing emails will use intentionally bad grammar to seem more “human”. Additionally, anyone who would take the time to craft you a message should know your name. If the email begins with “dear valued customer” or “dear member”, the person clearly has no idea who you are. They are either trying to sell you something, or scam you.
Verify the Sender
If something seems off about an email, check to see if this entity has emailed you before. For example, imagine a bank messages you. It’s a bank you know, but they are asking for personal information that seems odd. Hover over the display name. A sender can always choose a display name to show instead of the email. An email always seems more enticing when it comes from “BB&T Bank” instead of “CISOLine@BBandT.com”. Many times a scammer will not make the effort to create a new email address. More often than not, you can see a ridiculous address when you hover over the display name, indicating that the sender is an impostor. Sometimes the address will even be an almost identical address. Therefore, if you have received messages from BB&T before, check and compare the addresses, signatures, and messaging style.
Check the Times
All business emails are sent during business hours. Nine to five is the general time period that an entity like a bank would send an email. Unless the company is based in a different time zone, any company messaging you late at night is likely a scammer.
Trust Your Gut
This is by no means meant to be a fully comprehensive list. Phishing emails will continue to evolve as long as humans continue to innovate and lust for money. The last piece of advice is to trust your gut. If a company or friend is sending you an email and something seems off about it, something is probably amiss. Before clicking any link, you can always call the company or a friend to confirm that they intended to send you a link.
Tags: Best cybersecurity practice, Cybersecurity, Email, Phishing, Threat, Verification