Suspicious Email Addresses

It’s good practice to always look at a sender’s email address before clicking on any links or responding to their message. Hackers will often imitate a legitimate business or person by slightly altering their email addresses, so be sure to double-check for misspellings and extra characters. And pay attention to generic email addresses, like “noreply” or “admin,” as they may not come from a trusted source.
It’s best to never interact with an email you don’t recognize, but if you do, don’t provide any personal information or click on links. Instead, contact the sender through a different method, such as phone or a separate email address, to confirm their identity.
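The sender check described above can be partly automated. This is an added example, not part of the original article: it flags sender domains that are near-misspellings of a trusted domain or embed its name with extra characters, plus generic mailboxes such as "noreply" or "admin". The `TRUSTED_DOMAINS` list, the function names and the sample addresses are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains your organisation really corresponds with (constructed).
TRUSTED_DOMAINS = {"example.com", "docusign.com"}
# Generic mailboxes that deserve a second look, per the text above.
GENERIC_LOCAL_PARTS = {"noreply", "no-reply", "admin"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(domain: str) -> bool:
    """Exact match or a subdomain of a trusted domain."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def check_sender(from_header: str, max_distance: int = 2) -> list[str]:
    """Return reasons to double-check a From header; empty list if none."""
    _name, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    if not local or not domain:
        return ["sender address could not be parsed"]
    reasons = []
    if local in GENERIC_LOCAL_PARTS:
        reasons.append(f"generic mailbox '{local}'")
    if not is_trusted(domain):
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if edit_distance(domain, trusted) <= max_distance:
                reasons.append(f"'{domain}' is a near-misspelling of '{trusted}'")
            elif brand in domain:
                reasons.append(f"'{domain}' embeds '{brand}' with extra characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Alice <alice@example.com>", "Billing <billing@examp1e.com>",
                   "admin@docusign-secure.net"):
        print(header, "->", check_sender(header) or "no flags")
```

A flag here is a prompt to verify the sender through another channel, not proof that the message is malicious.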
Requests for Personal Information

Legitimate companies will never ask for sensitive information, like passwords or credit card numbers, through email. If you receive such a request, do not respond and immediately report it to the company in question and your managed IT services provider.
Also, legitimate businesses will usually use secure document-signing products like Docusign. You could call the sender to confirm the authenticity of these documents before signing or providing any personal information.
Grammatical Errors

For decades, people have been claiming that bad grammar is a dead giveaway of a phishing email because the sender must be a non-native speaker. And while that may be true in some cases, it’s discriminatory to immediately associate a non-native speaker with cybercrime.
Instead, the hacker might intentionally use incorrect grammar for various reasons:
- to weed out targets who aren’t gullible
- to get past spam filters that target specific spellings and phrases
- to make their email seem authentic, since not everyone has perfect grammar
Sense of Urgency

Phishing emails often use a sense of urgency to manipulate victims into clicking links or providing personal information. They might claim there’s a problem with your account, or that immediate action is needed to prevent some kind of negative consequence.
If they’re trying to get you to click on an external link for a product, they might say that there’s limited availability or that a sale is ending soon and you have to “act now!” But don’t let fear take control—rely on logic and reason. Take the time to confirm the legitimacy of the message before taking any action.
Social Engineering

Finally, it’s important to be mindful of social engineering tactics. Phishers might try to manipulate you by playing with your emotions or using flattery. They may pretend to be a high-ranking person in the company or someone you trust, such as a colleague or family member.
Because of social media, it’s now easier for hackers to gather information about you and use it in their phishing attempts. So, be cautious of anyone requesting personal information or urgent action, even if they claim to know you. When in doubt, contact the person through a different method before responding.
No Phishing Allowed—Partner with iTology for Maximum Cybersecurity

Hackers use all different kinds of bait and tackle to get you and your employees to bite. And while these tips can help you recognize phishing scams, the best defense is partnering with a reputable managed IT services company like iTology.
Our team of experts stays up-to-date on the latest phishing techniques and will develop a comprehensive strategy to protect your business from cyberattacks. If you’re ready to get a personalized cybersecurity plan, give us a call or request a free consultation!