How to Spot a Phishing Email and What to Do in Case of an Attack

Phishing is one of the oldest tricks in the scammer’s book, and it’s growing in popularity each year. According to Phishing Statistics published by Tessian, 75% of organizations faced some sort of phishing attack last year. A Verizon report says that 96% of phishing attacks are conducted through email. With most companies rushing towards a virtual business model, phishing email has become an even more critical threat in 2021.

These fraudulent emails are designed to be seamless yet obvious, which helps scammers fool people but also helps vigilant employees sidestep the threat in the workspace. With a few tricks, phishing emails can be easily spotted.

The devil’s in the address

People rarely check the address that sent the mail, but email addresses are the biggest giveaway in phishing scams. Cybercriminals impersonate big companies while pushing out malicious emails. Often the address doesn’t match the sender’s name, contains a spelling mistake, or uses a public domain name. For instance, a phishing scam impersonating Netflix might arrive from addresses that look like this: [email protected] or [email protected]

Even if someone’s expecting a similar mail, a closer look into the sender’s email address can expose the criminal intent.
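The three address checks described above (name and address mismatch, misspelled domain, public domain) can be automated for a mail filter or a triage script. The following is an added example, not part of the original article; the brand allowlist, the list of public domains, the 0.8 similarity threshold and the sample headers are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allowlist: brand name -> domains that brand really sends from.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}
# Assumed list of public webmail domains a company would not send from.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
SIMILARITY = 0.8  # assumed threshold for "looks like a real domain"


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    _, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        return ["no parseable address"]
    domain = domain.lower()
    warnings = []
    if domain in PUBLIC_DOMAINS:
        warnings.append("public domain")
    for brand, legit in BRAND_DOMAINS.items():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue  # the brand's own domain, or a subdomain of it
        if brand in name.lower():
            # Display name claims the brand, address is somewhere else.
            warnings.append("name/address mismatch")
        if any(SequenceMatcher(None, domain, d).ratio() >= SIMILARITY
               for d in legit):
            # Close to a real domain but not equal: likely a misspelling.
            warnings.append("misspelled domain")
    return warnings


# Constructed sample headers, for illustration only.
SAMPLES = [
    "Netflix <info@netflix.com>",
    "Netflix Support <netflix.billing@gmail.com>",
    "Netflix <account@netfl1x.com>",
    "Alice Example <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result does not prove a message is legitimate, since the From header itself can be forged; mail authentication (SPF, DKIM, DMARC) covers that case.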

The language is all over the place

Phishing emails have become a lot more sophisticated these days, but there’s always one telltale sign: the language. A major chunk of fraudulent emails originates from countries where English is not the native language. It’s also generally believed that scammers are not refined enough to craft flawless emails imitating the standards of big companies. Organizations can miss an extra comma sometimes, but if you see major grammatical errors or non-native sentence structure, it may be a poorly written phishing email.

Suspicious attachments

Unknown emails with suspicious links and attachments are always phishing attempts. The emails are written to push you to click the link or open the attachment. Once you do that, a Trojan infects your device and steals data. Do not open a link or download an attachment if you’re not 100% sure of its legitimacy.

Very urgent call to action

Scammers know that if they can’t scam someone right away, a second look will surely give them away. That’s why you’ll find phishing emails with urgent texts and strong calls to action. Popular topics are account suspension alerts that require you to reconfirm your identity, 2FA authentication failures, tax return issues, and online shipping trackers. With urgent texts, they create panic in the victim’s mind and plan to exploit a moment of emotional weakness.

How to keep company data safe?

If you’re extra cautious about the consequences of phishing attacks, you will be able to prevent such threats. Even so, if you feel you’ve fallen prey to one such attack in your workplace, immediately disconnect your device from other devices and go offline.

Change all of your passwords immediately, run a comprehensive virus scan on all devices, and back up your data. Get in touch with your IT services team and bring the issue to everyone’s attention in your space. During a phishing attack, the faster you respond, more often than not, the less the damage will be.