Top Ten tips for identifying a Phishing Email : PRM IT Helpdesk

Here is the list of top ten tips for identifying a potential scam email. Click on a tip to jump to that section!

A favorite phishing tactic among cybercriminals is to spoof the display name of an email. Here’s how it works: If a fraudster wanted to impersonate our CEO “Matt,” the email may look something like:

Since Matt doesn’t use a gmail for business communications so our email authentication defenses will not block this email on Matt’s behalf. Once delivered, the email appears legitimate because most user inboxes and mobile phones will only present the display name.
Always check the email address in the header from—if looks suspicious, flag the email. This type of phishing usually will try and impersonate our executive team. See something suspicious, reach out and confirm, always!

Cybercriminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your email. If the link address looks weird, don’t click on it. If you have any reservations about the link, send the email directly to your IT team.

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name. If the email came from someplace legitimate, odds are a template is being used that should inject your personal info into the email to confirm its real.

Most companies will never ask for personal credentials via email--especially banks. Likewise most companies will have policies in place preventing external communications of business IP (i.e. the VPN). Stop yourself before revealing any confidential information over email. Always question before sending anything private or having to do with money.

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or ask you to action, like an “urgent payment request.”

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. Check for them! Or they will use INCORRECT information. It never hurts to run a web search of the business to confirm the information.

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address, including the domain name. Keep in mind that just because the sender’s email address looks legitimate (e.g sendername@yourcompany.com), it may not be. A familiar name in your inbox isn’t always who you think it is!
This is especially hard to spot on mobile devices, where the small screen will typically only have the display name. Which can be easily spoofed!

Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly valid email address. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, do not open it.

See Something, Say Something! Everyone runs into these emails! Please keep up reporting as you have been!

If you want to learn more, see the full original article here

Top Ten tips for identifying a Phishing Email Print