Five Ways to Identify a Phishing Attack

Phishing attacks can be extremely detrimental, but you can help protect your business by knowing these five tactics scammers commonly use.

Articles published January 15, 2019 by Tom Agnitsch

One of the most common forms of cyber attacks, phishing emails, are becoming more sophisticated and convincing, causing their victims to face extreme losses in their businesses. In fact, 94% of organizations experienced a phishing attack in the previous 12 months, while 54% also saw the volume of these attacks increase.* These scams are more common than you think and need to be considered a top priority when it comes to mitigating business risks. But what are phishing attacks, and how can you identify them?

A phishing attack is when a cybercriminal pretends to be someone they are not via email to extract sensitive and confidential information about you and your business. These attacks can be extremely detrimental, potentially causing you to lose your business.

A cyber predator can attempt to steal confidential information from you by eliciting fear, curiosity, and a sense of urgency. The criminal will input a direct call to action in the email, highly encouraging you to open or click on an “attachment.” This “attachment” or “link” will be the entryway for the cybercriminal to steal your information. Fortunately, there are ways you can identify phishing attacks before hackers can steal confidential information. Protect your organization from a data breach and help protect your business by knowing these five tactics scammers commonly use.

1. The phishing email is sent from a public email address.

Cybercriminals can set up a default display name to appear in your inbox that looks natural, so be sure to look at the sender’s actual email address. This can help identify if the sender is truly who they claim to be. A legitimate email will come from the organization’s domain such as @aureon.com. Criminals often use a public email address such as @gmail.com. Also, double check the spelling of the domain to ensure it is familiar to you. A slight change in the domain can be easily overlooked, but is an indicator of a malicious sender.

2. The phishing email contains strange or unknown email attachments.

If you receive an unexpected email or an email from someone you don’t know asking you to open an attachment, do not open it. Hackers use attachments as a way to contaminate your computer. Unknown attachments can contain malware — software that can harm your computer and capture your personal data, so be sure to only open attachments from senders you know and trust. When in doubt, contact the sender using a different method of communication to confirm their intent.  

3. The phishing email contains strange or unknown website links.

Phishing emails may ask you to click a link within the email. Just as you should be vigilant about opening unknown email attachments, you should investigate any URL before clicking. Whether it’s a pasted link, a hyperlink within text, or embedded as a button, by hovering your mouse over the link or address, you can reveal the linked site’s true URL. A phishing email will contain links to unrecognized sites or URLs that misspell a familiar domain name. These URLs might be slightly misspelled or completely different than what you are expecting, so always double check before you click.

4. The phishing email contains poor spelling and grammar.

You can often detect a phishing email by how it is written. The writing style might be different and usually contains spelling mistakes and poor grammar. Many of us can make typos when sending an email, so a common misspelling from a finger slip on the keyboard isn’t necessarily a red flag, but multiple misspellings or awkward wording of everyday phrases should start sounding alarm bells in your head. 

5. The phishing email creates a false sense of urgency.

Cybercriminals can create a sense of urgency by warning you that your account has experienced suspicious activity or an invoice is due. This type of act-now urgency is a warning sign. Whether it appears to be an email from your bank or your boss, always look for the above warning signs. If you’re still unsure, call the supposed sender to discuss the email in person. Never use any contact details or click any links provided in this kind of email without verifying their authenticity. Remember, it’s always better to be safe than sorry.

Understanding these phishing email tactics is crucial to protecting your organization’s cybersecurity. However, raising phishing email awareness among your employees and training them to adhere to your organization’s prevention methods is even more important. Protecting your organization is an all-hands-on-deck practice and should be taken seriously.

Is your business aware of the ways to identify catastrophic phishing attacks?

*The State of Email Security 2019 Report

About The Author

Tom Agnitsch

Tom Agnitsch is the Leader of IT Operations for Aureon. Tom has 25+ years of experience in IT security, cloud services and managed services. He has provided support and consulting to hundreds of clients in many vertical markets, including finance, healthcare, non-profit and manufacturing.

See more by this author