While large-scale ransomware and distributed denial of service (DDoS) attacks may be taking up the bulk of people’s cybersecurity news feeds, organizations have more to worry about than the newest and most sophisticated forms of malware. One of the most tried and true attack vectors used by threat actors to gain sensitive information and compromise networks—even now—is phishing. Last year, the 2021 Microsoft Digital Defense Report reported that phishing attacks doubled in 2020. Later in 2022, Verizon’s latest Data Breach Investigations Report found that phishing contributed to about 20% of compromised networks in 2021. And most recently, the Identity Theft Resource Center’s H1 2022 Data Breach Report found that phishing remained the leading root cause of data compromises in the first half of 2022.
It’s abundantly clear that everyone, with a particular emphasis on those who handle or have access to sensitive data, should know how to identify a phishing email. Phishing is far from a perfect science, which is why taking a moment to analyze suspicious emails for clues and inconsistencies is a key step in phishing attack prevention. By familiarizing themselves with the following phishing ‘red flags,’ people can save themselves and their organizations a lot of headache.
1. Suspicious Links
When it comes to any link in an email, it’s wise to live by the “hover before you click” rule. If you’re tempted to click on a link that leads to a free gift, that asks for some kind of information from you, or any link the email urges you to click, be very wary. Before clicking, make sure the destination uses HTTPS with a valid security certificate, that the domain itself is correct, and that the link doesn’t otherwise look “off.”
2. Improper Spelling or Grammar
This is an easy mistake to check for in suspicious emails—particularly those that contain links. Check the subject line, body text, links, and signature for any spelling or grammatical errors. Generally speaking, reputable organizations will rarely, if ever, send out emails with these kinds of mistakes, so if you find an email in your inbox with glaring spelling or grammatical errors, it’s best to treat it with caution.
3. Suspicious Attachments
Unsolicited attachments are a rarity in emails from reputable organizations, which more commonly include a download link instead. Unless you are completely certain that an attachment is legitimate, it’s best not to open it at all, as it could contain malware.
4. Soliciting an Emotional Response
It’s worth emphasizing that phishing is almost always made possible by social engineering. While some phishing attempts will disguise themselves as legitimate emails, others will err more on the side of warnings or threats so as to promote a sense of urgency or panic in their victims, with the goal being to force you to make a quick (and potentially bad) decision. A threat actor posing as your bank, for example, may attempt to scam you by threatening account closure. If you receive an email with this kind of language, you should immediately be suspicious, and most importantly, remain calm.
5. Strange or Impersonal Greetings, Language, or Tone
If an email sounds oddly impersonal, generic, or dry, this could be another red flag. Non-specific phrases like “to whom it may concern,” “dear customer,” or “sir/ma’am” are a few examples of strange language to look for in a potential phishing attempt, but do not ignore tone either. Does the sender address you by your first name or a nickname even though you don’t know them? This won’t be quite as noticeable as a spelling or grammatical error, but if an email reads strangely, then be on alert.
6. Requests for Information
Similarly to unsolicited email attachments, it’s rare for organizations to ask for information from you through email. More specifically, if an email ever asks you to provide sensitive information like payment info, answers to security questions, passwords, or anything else that could compromise your or your organization’s accounts, never respond to those requests.
7. Discrepancies Between the Sender Name and Email Address
Thankfully, this is another red flag that can be relatively easily identified. While the email sender’s name may appear on your end as a reputable organization’s name, the email address may not appear as reputable. For example, you may receive an email whose sender name is identical to your bank, but the email address may appear as a Gmail or Yahoo account rather than a corporate email account associated with the bank. If you find a discrepancy like this in an email, it’s likely a phishing attempt.
8. C-Level Executive Fraud
On occasion, threat actors will attempt to gain information about you or your organization by emailing you while posing as a C-level executive within your organization like the CEO or CFO. If you don’t frequently work with these executives, it’s best to check the sender’s email address and confirm that the email was sent from a corporate account.
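As an added illustration that is not part of the original article, the checks behind red flags 1, 5, 7 and 8 written as a small Python screen: it compares the sender’s display name with the address domain, looks for impersonal greetings, and reports what hovering over each link would reveal. The corporate domain list, brand words, and the sample message are constructed assumptions, not real data.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (constructed for this example): real mail domains, words a spoofed display name uses, impersonal greetings.
CORPORATE_DOMAINS = {"examplebank.com"}
BRAND_WORDS = ("example bank", "ceo", "cfo")
GENERIC_GREETINGS = ("dear customer", "to whom it may concern", "sir/ma'am")
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)   # simple HTML only
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

def domain_of(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def html_body(msg):
    # First text/html part of the message (single-part or multipart); '' if there is none.
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "text/html":
            return part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def red_flags(raw_email):
    msg, flags = message_from_string(raw_email), []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # Red flags 7 and 8: display name claims the brand or an executive, but the address is not corporate.
    if any(w in name.lower() for w in BRAND_WORDS) and sender_domain not in CORPORATE_DOMAINS:
        flags.append(f"sender '{name}' uses non-corporate domain {sender_domain}")
    body = html_body(msg)
    # Red flag 5: generic, impersonal greeting.
    flags += [f"generic greeting '{g}'" for g in GENERIC_GREETINGS if g in body.lower()]
    # Red flag 1: what hovering would reveal: no HTTPS, or link text naming a different domain than the target.
    for href, text in ANCHOR.findall(body):
        target, text = domain_of(href), re.sub(r"<[^>]+>", "", text).strip()
        if not href.lower().startswith("https://"):
            flags.append(f"link to {target} is not HTTPS")
        if LOOKS_LIKE_URL.fullmatch(text) and domain_of(text) != target:
            flags.append(f"link text shows {domain_of(text)} but points to {target}")
    return flags

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Example Bank Security <examplebank.alerts@gmail.com>
Subject: Urgent: your account will be closed
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer, verify now:
<a href="http://examplebank-verify.example.net/login">https://www.examplebank.com/login</a></p></body></html>
"""
```

Running `red_flags(SAMPLE)` reports the Gmail sender, the generic greeting, the non-HTTPS link and the mismatch between the displayed and real link domains.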
9. Lack of Contact Details
Whether you’re part of an email marketing list or are receiving an email directly from an employee, legitimate emails generally provide thorough contact information below or around the signature. If there is a strange lack of contact information in the email, this is yet another reason to be suspicious.
10. Content Disguised as Something Expected
This is inherently a bit trickier to identify at first glance, but phishing scams can sometimes disguise themselves as something you expect to hit your inbox. For example, you may receive an email that looks exactly like your regular bank statement, right down to the wording of the email and the branding, but the attachment may be malicious. To identify a phishing attempt disguising itself in this way, check for the clues listed above along with more minute details like paragraph spacing, logo placement, and colors.