If you have an email account, you’ve probably received your fair share of phishing emails: receipts from things you’ve never bought; emails with poorly worded text masquerading as well-known companies; or even the occasional request from a foreign prince for your credit card information.
Phishing emails can be damaging to both you and your company. These emails work to create a false sense of urgency and are designed to trick you into performing some sort of action that can give the hacker access to your devices. With a business, hackers typically aim to infiltrate the email inbox of executives, and then request a money transfer or wire to a foreign country.
On top of “normal” phishing emails, spear phishing is a more complicated technique used by scammers to access your system. Anne-Marie Lambert, a cyber security expert at ATB, says that “if phishing in general casts out a wide net, then spear phishing is like targeting a single fish (or person) in a barrel.” Spear phishing is an extremely targeted attack, usually aimed at executives or high-level staff members who have a large public presence. Hackers will investigate a person’s social media presence, like Facebook and LinkedIn, to figure out what they like and value, and then use that against them. “For example,” Lambert explains, “if you post about your rescue dog and your time volunteering at animal shelters, a spear phishing email may come in with a link asking you to help support an animal organization, and if you click the link a hacker can access your device.”
Image and information referenced from The Globe and Mail.
But how do you know if you’ve been targeted by a phishing email? We’ve outlined five ways to help you spot a phishing email that may be lingering in your inbox:
1. The email is sent from a public email address
Look at the sender’s email address, as this can help identify if the person is truly who they claim to be. Often, the fraudster will use a public email address such as gmail.com. If your bank or colleague is going to email you, it will come from a company email account with the company name in the email address.
2. Strange attachments
If you receive an unexpected email or an email from someone you don’t know asking you to open an attachment, do not open it. These attachments can contain malware that can harm your device and capture your personal information.
3. The creation of a sense of urgency
Phishing emails often ask recipients to verify personal information, such as bank details or a password. They can create a sense of urgency by warning that your account has experienced suspicious activity or pretending to be someone you know who is in urgent need of financial help.
These are massive warning signs. If you are ever unsure, contact the company or person using the contact details you already have for them or that are on their legitimate website. Never use any contact details or click any links provided in the email.
4. Links to unrecognized sites or URLs that misspell a familiar domain name
Phishing emails may ask you to click a link within the email. By hovering your mouse over the link or address, you can see the linked site’s true URL. These URLs can be slightly misspelled or completely different to what you are expecting, so always double check before you click.
5. Poor spelling and grammar
You can often detect a phishing email by the way it is written. The writing style might be different to that usually used by the sender and it might contain spelling mistakes and poor grammar.
Being aware of phishing emails and knowing how to spot them are only the beginning of protecting you and your business against cyber attacks. For more information on how to protect you and your business from cyber attacks, check out ATB’s white paper on cyber security, How to protect your business from cyber theft and payment fraud to keep you - and your money - safe.