Phishing emails were one of the biggest cyber threats last year, and it’s no wonder why. We are all online more than ever, and cybercriminals took advantage of our lock-in lifestyles (and anxiety) by sending clever scam emails. They were successful, too: the FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.
The good news is, there are a few steps you can take to avoid falling victim to an email scam.
We asked the cybersecurity experts at ESET about the telltale signs of a scam email — and what to do if you have been phished.
5 easy ways to spot a phishing email
Cybercriminals often go to great lengths to make their phishing emails look authentic, so you believe they’re from a company you know and trust — like a bank, social media site or online store. While scammers change their tactics, there are a few common red flags that might clue you in to a scam.
Here’s how to identify a phishing attack.
- The email requests personal information
In general, legitimate companies won’t ask you to confirm any personal or sensitive information over email. Think: passwords, tax numbers, bank account or credit card details. If a company needs any confidential information from you, they’ll send you to their secure portal or ask you to call or come to the office.
- There are typos in the subject line or email
Poorly written or grammatically incorrect emails are a dead giveaway of a scam. If you spot typos or mistakes in the subject line, don’t open the email because it could be a phishing scam. And if you read an email and it’s riddled with mistakes or odd turns of phrase, that points to a potential scam. Emails from legitimate companies are often crafted by professional writers and edited for spelling and syntax. Interestingly, many cybersecurity professionals believe that hackers write “bad” emails on purpose to hook the most gullible targets.
- The email address has a different domain name
Cybercriminals often create new email addresses for phishing scams. Hover over the sender’s email address and make sure it matches other emails you’ve received from that person or company and doesn’t contain any additional numbers or letters. For example, [email protected]m is more legitimate than [email protected] or [email protected].
While some companies do use varied domains or third-party providers to send emails, that’s the exception — not the rule. So, be wary of any emails with unusual addresses.
- There are suspicious links or attachments in the email
Before clicking on an embedded link in the body of an email, inspect it first! Hackers often conceal malicious links within emails, and mix them with genuine links to trick you.
If the hyperlinked text isn’t identical to the URL that pops up when you hover over the link, that’s a sign of a malicious link. It might take you to a site you don’t want to visit, or even install a virus on your computer. To prevent this from happening, don’t trust any mismatched URLs or links that seem irrelevant to the content in the rest of the email. Another tip is to check that the link begins with https:// — the “s” stands for “secure,” which means you’re connecting to the site with Secure Sockets Layer (SSL) technology. Keep in mind that https:// only shows the connection is encrypted, not that the site is genuine, so use it alongside the other checks rather than on its own.
The same principle applies to attachments. It’s rare for a legitimate company to send you an attachment you need to download, such as a PDF or video. They’ll usually direct you to their website to download documents instead. It’s especially rare for a company to send that kind of email out of the blue. So, if you receive an email with an unexpected or unsolicited attachment, it could contain a malicious URL or “trojan,” a hack that installs a virus or malware on your computer or network. Avoid clicking on it, and scan it using antivirus software first. It’s a good idea to get into the habit of doing this with all attachments — even if you think they’re genuine. You can also keep an eye out for suspicious file types, like .exe, .scr and .zip.
- The email is panic-inducing
Scam emails are on the rise during the COVID-19 pandemic for one major reason: cybercriminals prey on people’s worries and insecurities. They tell a (false) story to encourage you to click on a link or open an attachment.
We’ve seen scams from senders posing as doctors, government officials or World Health Organization representatives. For example, emails will trick healthcare workers into downloading “coronavirus trackers” to stay on top of case numbers, or send sensitive data to confirm a delivery for ventilators.
It’s also common for phishing emails to claim one of your accounts has been compromised. They might say they’ve noticed suspicious activity or log-in attempts, or that there’s a problem processing your payment. Hackers will instill panic by saying your account will be closed if you don’t act immediately, or ask you to verify your account by replying with your login credentials.
What to do with phishing emails
Now that you know how to spot a phishing email, let’s talk about what to do if you receive one.
To stop a scam from causing damage or stealing your data, follow these best practices:
- Don’t open any emails from unknown senders, or with suspicious subject lines.
- Mark suspicious emails as spam, or report phishing emails to your company’s IT department.
- Avoid clicking on links or attachments.
- Scan attachments using your antivirus software, and update your software ASAP if you accidentally click on a link.
- Don’t reply to requests for personal or financial information. If you do, consider calling your bank or credit card company to ask about next steps.
If there’s a chance the email could be genuine, follow up with the company directly using contact information on their site. They’ll be able to confirm whether or not they emailed you, and they can warn other customers of a potential scam.
How to protect yourself from phishing scams
There are a few ways you can boost your cybersecurity and stop phishing attempts in their tracks.
Install antivirus software on all devices
Think of antivirus software as a security guard. It protects your devices from malware, ransomware and identity theft by blocking offensive content and scanning attachments and images for viruses. It also prevents hackers from accessing your webcams, and checks your router for vulnerabilities.
While you can download free versions online, it’s worth investing in a subscription software like ESET Internet Security or ESET Mobile Security. These programs offer a multi-layered defense against a slew of cyberattacks, and they can give you — and your employer — peace of mind while you’re working from home on company devices.
Accept all software updates
We know how tempting it is to skip software updates, especially if they pop up often. But the reason they’re so frequent is because manufacturers release patches as they find security flaws to keep you and your data safe. With that in mind, try to install software updates straight away — or switch on auto updates so you don’t have to worry about them anymore. The same goes with your phone: software updates can protect you against most major security threats.
Enable multi-factor authentication on your accounts
Multi-factor authentication (MFA) adds an extra layer of protection. It requires you to provide two forms of verification before you can access the site or system you’re trying to enter. So, you might have to type in your password, and then a code is sent to you via email or text. This makes it harder for hackers to unlock your accounts and get the information they want.
It’s worth the effort. According to Google, this simple cybersecurity measure blocks 100% of automated attacks!
Back up your data regularly
Many phishing scams are designed to steal your data, and the effects can be devastating. That’s why you should always back up your data to mitigate the damage. The key is to maintain two encrypted backups: one on an external hard drive or flash drive, and another on the cloud. By having at least one backup off-site, you’ll also be protected in case of a server crash or outage.
Outsmart hackers with the right software
Protect yourself and your data from phishing attempts with ESET Internet Security. Get in touch with the team today to learn more about their sophisticated software solutions.
ESET is a global internet security company, providing threat detection solutions for businesses and consumers in more than 200 countries and territories.