How to identify if an email is a phishing attack
91% of all cyber attacks are delivered through an email. A company of 5,000 employees will receive an estimated 14,400 malicious emails per year.
It’s not abnormal to receive phishing emails. It’s only dangerous if you fall for the bait. So how can you tell a phishing scam apart from a task that needs attention?
- Look at the email address
- Hover, Don’t Click
- Vague Pronouns
- It’s Better to be Safe than Sorry
Look at the email address
This step usually begins by checking for spelling mistakes. They will usually appear as something related to the account they trying to gain access to. A few of my favorites are
But even the from
Phishing uses a false sense of urgency. This is intended to make users take action quickly without much thought to any inconsistencies in the email.
This can often look like “There was unusual activity detected on your account,” or “Your password is expiring today”.
The hope is that you are so concerned with losing access to an account that you make a decision (or mistake), that you wouldn’t normally.
Download our infographic and learn how to identify a phishing scam when you see one.
Hover, Don’t Click
You can examine the URL in question by hovering over a link rather than clicking directly. It will appear in your browser window in the bottom left corner. You can see in the photo to the right.
If it looks questionable, don’t click it and forward it to your security provider or response team.
Mass Phishing Attacks will generally use vague pronouns such as “Valued Customer”. Even mass corporate communications will use your full/correct name.
In more direct, high-value attacks, known as spearphishing, hackers may do deep research to create a seemingly trustworthy email. In this instance, hyper-vigilance is necessary and a trustworthy IT partner to monitor breach detection and incident recovery.
Better Safe than Sorry
If you are worried about something, forward it to your IT team for threat detection. Worst case scenario, we send it back to you saying everything’s fine. If it is malicious, not only will we have secured this threat but also helped to identify any future threats.
Other Articles You Might Be Interested In:
Disaster recovery plans are vital, not just important. Data becomes lost, deleted, purged, corrupted, all the time. Without that measure in place, data is truly lost. There does seem to be confusion on what constitutes a Disaster Recovery plan, however. While many...read more
Data backup is a critical part of an organization’s overall disaster recovery plan. The concept of data backup is simple: you make copies of your data and store them in a different location in case data is lost or destroyed.read more
Founded in 1999, ITonDemand helps businesses and associations across the US achieve growth by guiding and supporting IT infrastructure and providing cybersecurity management. ITonDemand’s Core Solution and Security+ have been recognized among both Managed Services and Cybersecurity Providers as a member of the MSP Pioneer 250 and the Top 200 MSSPs.