94% of cyber-threats start with an email. It is important that everyone in your company is aware of the signs of phishing. Here are 10 warning signs that the email you received may be a phishing email.
It has a public email domain
Most organizations, even small businesses, have their own email domain. That means that any email you receive that claims to come from an organization but ends in a public domain, such as @gmail.com, rather than a familiar company domain, should make you suspicious. The key is to look past the name shown in the From: field and check the actual address, as people can choose display names that don’t have to relate to the email address at all. Phishing emails may also include the legitimate company name as part of the email address before the @ symbol to confuse you.
The domain name is misspelled
Since a public domain is a huge giveaway that an email is phishy, criminals will buy domains that are close to the legitimate business name but slightly misspelled. They hope that at a quick glance, your brain will not register the spelling error and just see the legit company domain you were looking for.
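The two sender checks above (public domain behind a company display name, and a near-miss spelling of the real domain) can be automated. The following is an added example, not part of the original article; the company domain `acme-corp.example`, the brand keyword `acme`, and the sample headers are constructed assumptions, and a distance threshold of 2 is an arbitrary choice.

```python
from email.utils import parseaddr

# Constructed values for illustration; replace with your own organization's data.
TRUSTED_DOMAIN = "acme-corp.example"   # hypothetical legitimate sender domain
BRAND = "acme"                         # hypothetical brand keyword
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return the warning signs found in a raw From: header value."""
    # Split the display name (free text) from the address actually used.
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if domain == TRUSTED_DOMAIN:
        return []
    findings = []
    if domain in PUBLIC_DOMAINS:
        findings.append("public-domain")
    if BRAND in display.lower():
        findings.append("brand-in-display-name")
    if BRAND in local:
        findings.append("brand-in-local-part")
    # One or two character edits away from the real domain: likely a lookalike.
    if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    return findings


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ["Acme Corp <acme-corp.support@gmail.com>",
                   "Acme Corp Billing <billing@acme-c0rp.example>",
                   "Acme Corp <billing@acme-corp.example>"]:
        print(header, "->", check_sender(header))
```

An empty result only means neither sign was found in the From: header; the header itself can be forged, so it is not proof that the message is genuine.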
The email has weird grammar
Many phishing emails come from people who live in non-English-speaking countries, and therefore their emails can be poorly written. While nothing may technically be wrong with their message, we have all gotten emails that just don’t sound right.
It includes attachments or links
All phishing emails contain payloads. This will typically be a link to a bad website or an infected attachment. These will allow the person to capture your sensitive information such as login info, credit card details, phone numbers, and more once you click on it.
The message is urgent
They want you to complete the action (clicking on the link or opening the attachment) before you have time to think about what they are saying or inspect the email for suspicious components. Phishing emails tend to include language like “immediately”, “right now”, “waiting”, or “urgent”.
They are requesting info
Legitimate companies won’t ask for your information in an email. You should be cautious of any email that is requesting personal or sensitive information from you.
They use a generic greeting
Most people emailing you will use a personal greeting. Even large companies like Netflix and PayPal will include personal information in the greeting so you know the content is specific to you. Scammers do not always have this personal information, or they are batching emails to a large group and cannot include it. Examples of this include “Dear valued member,” “Dear account holder,” or “Dear customer.” Even then, some phishing emails avoid this by skipping the greeting altogether.
Low resolution logo
When the hacker is impersonating the company, they may only have access to a smaller size logo that they could find on the internet. Therefore, when they include it in the email it may be too low of a resolution and appear blurry.
The signature is general
Just like a general greeting, a general signature can also be a warning sign. They may not know who to say the email is from, so they keep it general.
The subject line is one of these 5 words:
It is not enough just to know the signs of a phishing attack. 65% of organizations in the US experienced a successful phishing attack. Sierra Experts can help! We help businesses of all sizes proactively monitor their network. We will add additional layers of security, so you don’t have to worry about employees falling victim to phishing. To learn more about how Sierra can keep your business secure, give us a call at 844.750.4170 or send us an email at Sales@SierraExperts.com.