Phishing Emails

Most people receive many emails daily, in both their personal and work email inboxes. Some of these are likely to be phishing emails, which are bad news. Exploring what phishing means in an email setting and understanding how to recognize phishing emails is paramount to keeping yourself safe from hacking, viruses, and scams.

What is a Phishing Email?

A phishing email is more than a spam email. Phishing emails try to obtain sensitive information from their recipients by posing as legitimate requests. The sensitive information obtained is then used to hack into computers and bank accounts or initiate a financial transfer, making the recipient of the email the victim of a scam. Phishing emails often look like they are coming from a well-known vendor, such as Amazon or Verizon, or even from a coworker or boss. This makes it easier for people to fall for them.

How Common are Phishing Emails?

Phishing is a common cybercrime occurrence. In 2019, it was estimated that 32% of data breaches involved phishing. Phishing has cost victims a whopping $26 billion globally, between 2016 and 2019, according to the FBI’s Internet Complaint Center, with $10 billion in losses occurring in the U.S. alone.

Phishing overall is on the decline in the past three years: to the tune of a 42% reduction in overall phishing for 2019. Experts explain that this means that phishing scams are becoming more calculated and targeted, and cybercriminals are adopting a quality-over-quantity approach. Statistics suggest that training people about the dangers of phishing does a lot to prevent phishing attacks. In fact, 38% of users who don’t undergo cyber awareness training fail phishing tests. Having tight email security protocols and strong prevention tools usually will not prevent most phishing attempts - nine out of 10 phishing emails in one published analysis were discovered in environments that use secure email gateways (SEGs).

How to Recognize Phishing Emails

Scammers work extremely hard to make their phishing emails look legitimate – from logos and banners to color schemes that match trusted businesses. While phishing emails can look very authentic and be deceiving, there are a few red flags characteristic of phishing emails. These include:

• Slightly misspelled company names in the email address or strange suffixes such as .biz – you can see these clearly by holding your cursor over the “from” field.
• Emails sent at random times – such as 3:15 AM for an email coming from a coworker.
• A call to action is contained in the email. This might be a request to reset your password due to hacking reports or a plea from a coworker or friend to wire money due to a lost wallet or travel mix-up.

What to Do if You Receive a Phishing Email

Phishing emails are common, and hackers are getting savvier and savvier with their scams. Attention to detail is important to recognize a phishing email and prevent becoming a victim. If you notice any of the signs listed above, or if the email is simply giving you a bad vibe, you can try to get in touch with the company or individual that supposedly sent the email. If you do this, do not use any phone numbers or emails contained in the message. Instead, look up customer service or contact number for the supposed sender and give them a call. Ask them if they attempted to contact you and verify their request verbally. Remember – legitimate businesses work hard to develop security protocols, and they would not ask you to reset your password via an email link. Instead, they would require you to be logged into their site, possibly verify your identity through multiple steps and only then allow you to modify login credentials. Companies would likely mail you a letter to alert you of a security breach, as required by most state laws. Similarly, if a work email asks you to send a payment for something or provide sensitive information, there would very likely be a verbal heads-up by phone.

Assuming the phishing email you receive does not check out as legitimate, the best and most secure practice is to delete this email and report it as spam to your email service. You can also choose to block the sender. It is not a good idea to forward the email to your company’s IT department or someone else because you could risk exposing them to a security threat.

Preventing Becoming a Victim of Phishing Scams and Protecting Others

Everyone has the potential to fall victim to a phishing scam, but there are steps you can take to protect yourself from phishing scams. These include:

• Not getting in the habit of answering emails when in a rush.
• Having a policy of not disclosing sensitive information by email.
• Checking email on a computer and not a phone to avoid missing important details, such as suspicious “from” addresses due to a smaller print.
• Paying attention to news about current common phishing email types – these are often linked to current events, such as the Coronavirus.
• Sharing phishing warnings with family, friends, and coworkers.
• Alerting companies when they are being imitated by a phishing email so they may alert their customers.

As with any Internet scams, the more you know about how they work, the more you can do to stay vigilant online and protect yourself, your colleagues, and your loved ones. Due to the rapidly changing nature of online technologies, it is essential to re-educate yourself about the specifics of current scams regularly. Taking a few preventative steps can make the difference between falling for a phishing email or reporting it and raising awareness that protects others.