But please don’t panic. This was only a test.
Before landing here, you clicked on a phishing email sent by your company to test you. This is important because, had this been a hacker attack, your credentials could have been stolen or malware implanted on your machine, leading to a ransomware attack or business email compromise. Both are really bad scenarios.
Our company requires everyone to remain vigilant when examining email. Be on the lookout for these tell-tale signs of a phishing attack:
- Sender: is the sender correct? Be careful to check for look-alike domain names off by just 1 letter. For more information on this attack visit this webpage on Typosquatting.
- Subject: The subject is not always a dead giveaway for a phishing attack. But look for subjects that are unexpected, too good to be true, urgent, or contain spelling or grammatical errors. These indicate a potential phishing attack.
- Greeting: watch out for generic greetings such as Dear Sir/Madam, or Valued Customer. These are usually indications you’re being phished.
- Spelling, Punctuation, and Grammar: English is sometimes the second language of attackers. Most legitimate companies rigorously check for errors with spelling, punctuation and grammar. You need to be on the lookout for errors here.
- Urgency and Emotionality: hackers know that people make bad decisions when time-pressured or in emotionally charged situations. Therefore, their phishing emails come emotionally charged and with urgency. If you see this, be wary as you might be under attack.
- Malicious Links: some phishing emails are designed to steal your credentials. The phish is to convince you to click the link to a common vendor’s website, where you will attempt to log in. The problem is, the website is a phishing site that will steal your credentials and, if it’s well constructed, forward you to the real vendor’s website after capturing your login attempt.
- Attachments: Last, but not least, are the attachments that come in email. Some have dangerous file extensions such as .bat or .exe or macro-enabled Office files (.docm or .xlsm). Others have safe-looking extensions such as a PDF, but when you open the PDF to review your invoice, it has a link to the “invoicing website”. Again, this is a ruse. They are seeking to steal your credentials when you try to log into that fake invoice website.
If you learn these seven ways to spot and avoid phishing emails, you’ll be cyber-secure and ready to face the hacker attacks that reach our inboxes every day. Be safe and stay vigilant.
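For mail administrators, the Sender and Attachments checks above can be automated. The following is an added example, not part of the original page: it flags a sender domain that is one edit away from a trusted domain (generalising "off by just 1 letter" to include two swapped adjacent letters) and attachments with the extensions listed above. The trusted-domain list, function names and sample values are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption: allow-list of domains the organisation really deals with (constructed).
TRUSTED_DOMAINS = {"example.com", "example-payroll.com"}
# Extensions the page lists as dangerous.
RISKY_EXTENSIONS = (".bat", ".exe", ".docm", ".xlsm")


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if it is not a look-alike."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) == 1:
            return trusted
    return None


def phishing_signs(from_header, attachment_names=()):
    """Return the warning signs found in a From header and attachment names."""
    signs = []
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    imitated = lookalike_of(domain)
    if imitated:
        signs.append(f"sender domain {domain} looks like {imitated}")
    for name in attachment_names:
        if name.lower().endswith(RISKY_EXTENSIONS):
            signs.append(f"risky attachment {name}")
    return signs


if __name__ == "__main__":
    # Constructed sample: two swapped letters in the domain plus a macro-enabled sheet.
    for sign in phishing_signs("Payroll <hr@exmaple.com>", ["invoice.xlsm"]):
        print(sign)
```

A distance-1 match is only a prompt for closer inspection; short trusted domains will produce false positives, and look-alikes built from visually similar Unicode characters need a separate check.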