Email phishing is an all-too-common ploy hackers use to steal your identity, acquire your account password, or access your secured software or system.
Unfortunately, phishing works. It works well enough to fool people who are tech-savvy and comfortable online. That said, there are strategies you can use to protect yourself and your information from phishing attempts.
This article will review the basics of what email phishing looks like and talk about how you and your colleagues can protect yourselves.
Signs of a fake email
Phishing typically uses a fake email message pretending to be from your bank, payment processor, or some other site or company you have an online account with. For instance, you might get an email that looks like it’s from your financial institution—or even your claims provider.
These emails are often close enough to the real thing to trick users into clicking a link, downloading a file, or visiting a website and providing personal information. That’s all it takes for the hacker to obtain access to your account, steal your identity, try to blackmail you, or even hold your data for ransom.
If you’re wondering how to recognize these emails, there are a few telltale signs to watch out for. Not every email message has these clues, but if you see any of them, it’s probably not a legitimate message.
Here are a few warning signs:
- Design flaws and errors in the message. Finding typos, design differences, or odd spellings somewhere in the text or in the message design. Real companies hire copywriters or editors to double-check messages for mistakes—and of course a hacker or identity thief isn’t usually that careful.
- A strange “from” email address. Did you receive a message that claims to be sent by PayPal but it says “firstname.lastname@example.org” or “email@example.com”? An email address that doesn’t match the correct domain is almost always a sign of fake messages.
- The “bank” (or other organization) asks for information they should already have. It’s suspicious for your credit card company to ask you for your credit card number when they already have it. Or for your payment processor to ask you to “verify” your account by providing a long list of details they already have. If you’re not sure, call them up and ask if they really need it.
- You win a contest you never entered or you’re asked to verify an account you never signed up for. If you don’t have an account with that particular site, it could just be a phishing attempt. Keep in mind that these messages are sent to large numbers of people—the chances are good that at least some people receiving fake Bank of America messages will actually have Bank of America accounts. Of course, if you don’t have a Bank of America account, getting one of these messages probably means you’re being targeted by a phishing attempt. Using your common sense can help you recognize these.
- The message contains weird links. You hover your cursor over the links in the message and it shows weird links that don’t look at all like they’re associated with the legitimate company.
- It looks too good to be true, doesn’t look familiar, or has too many red flags. If you’re looking at a message that just doesn’t feel right, don’t click any links or reply to it. Simply contact the company and ask if the message is legitimate (or just delete it).
What to do
If you receive a phishing message, avoid contacting the sender or providing any information. Instead, here’s what you should do:
- Ask the company if the email is legitimate if you’re not sure. Have a message that looks weird? You’re probably better off checking with the company directly. They’ll let you know if it’s from them and what the purpose of the message is.
- Let the company know you’ve received a phishing attempt. Other people may be receiving the same messages. Letting the company know what happened may help protect other people from phishing.
- Educate your colleagues, co-workers and employees. Protect your clinic by letting everyone know how to spot phishing emails.
- Set a policy. You may want to have an official policy about phishing messages. For instance, you could ask everyone in your office to avoid clicking links in email messages that come from senders they don’t recognize.
- Florentine, S. “5 ways to spot a phishing email.” CSO. https://www.csoonline.com/article/3172711/phishing/5-ways-to-spot-a-phishing-email.html. Published: February 2017. Accessed: September 2018.
- Broida, R. “How to spot a phishing email.” Cnet. https://www.cnet.com/how-to/spot-a-phishing-email/. Published: September 2017.