Phishing attacks are steadily on the rise. Every day, more and more people are duped into opening malicious emails and trusting in its contents. As a result, they give away personal information or find themselves picking up some nasty form of malware. However, avoiding phishing attacks is more manageable than most people think. Here are a few simple tips to follow.
The sender
Look the sender up and down before you take any email seriously. Do you know this person? Does it sound like a legitimate email address? Does this person have any business sending you an email?
And keep in mind, if you do “know” the person, always double-check the email address. Sometimes people will do their research, find someone you know, and do their best to replicate his or her email address. But this email address will usually be off by a letter or two – it’s easy to catch if you take a few seconds to look it over.
The urgency
Emails typically aren’t used for urgent communication. But if an email does contain an urgent message, usually it’s something that’s already been discussed and the email merely serves as a follow-up or reminder.
However, this doesn’t mean you should throw every urgent email into the trash automatically. You should be cautious of them, though. If an email requests a payment or personal information from you, make sure to double-check and triple-check the sender before you do anything.
The grammar
Malicious emails usually aren’t written that well. They’ll probably contain simple grammatical errors that a business professional or popular brand would never make. So if you see something like this in an email, it should set off a silent alarm in your head. However, this isn’t always the case. Phishing emails can be written perfectly, and non-malicious people have been known to make grammatical mistakes.
The subject line
It can be quite difficult to call out a phishing email with nothing but the subject line. That’s a tough one. But what a subject line can do is lend to the overall examination of the email.
Does it feel wonky? Is it off-base? Does it not make sense? Is it too generic? Is it too urgent? Use the answers to these questions to help you determine whether or not an email should be trusted.
The topic
The actual subject of an email can be a surefire indicator of a phishing attack. Does it make sense that this person is talking to you about this topic? And if it does, is the timing appropriate and are the specifics surrounding the topic accurate?
For example, does this email claiming to be from Joe who works at a company you contract with have the authority to ask for payment information? And if he does, do you usually pay invoices this way, to this person, and at this time of the month? If your answer to any of these questions is no, then you’ll need to find a way to verify the request.
The attachments
Occasionally, the point of a phishing email is to make you download a malicious attachment, thereby infecting your computer with malware. Because of this, you should always be incredibly careful when you are thinking about downloading any attachments from your inbox.
Again, it’s best to ask yourself a serious of questions. For example, if you receive a document from a company like Geico or Progressive, ask yourself if this is how they normally do business. Phishing emails pretend to come from large companies all the time, but large companies normally don’t send out documents through email. They’ll either ask you to log into your account to view new information, or they’ll send you snail mail.