Phishing attacks are more rampant than ever before, rising more than 162% from 2010 to 2014. Over half of internet users get at least one phishing email per day, and they cost organizations around the globe over $4 billion a year.
The best defense to have against phishing emails is to block the malicious attacks before they reach customers with Domain-based Message Authentication Reporting and Conformance (DMARC).
Unfortunately, no matter what companies do, some phishing emails will always make it to the inbox, and 97% of people around the globe cannot identify a sophisticated phishing email. That’s why customer education is so important.
Here are 10 tips on how to identify a phishing email:
Tip 1: Don’t trust the display name
A favorite phishing tactic among cyber criminals is to spoof the display name of an email. Nearly half of all email threats spoof the display name.
Tip 2: Look but don’t click
Hover your mouse over any links embedded in the email. If the link address looks weird, don’t click it. If you want to test the link, open a new window and type in the website address directly instead of clicking on the link.
Tip 3: Check for spelling mistakes
Most brands are pretty serious about their emails. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don’t give personal information
Legitimate banks and most other companies will never ask for personal information via email.
Tip 6: Beware of urgent/threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggest it’s a phishing email. Legitimate businesses always provide contact details.
Tip 8: Don’t click the attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic used by cyber criminals. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, text, and a seemingly valid email address, does not mean that it’s legitimate. You should always be skeptical when it comes to your emails—if it looks even remotely suspicious, don’t open it.