There it is – an urgent message in your inbox. “Your account has been suspended!” You open the email and find an easy way to unsuspend your account: “Click here to resolve the issue”. Panic sets in, you want to click the link but you aren’t sure why your account would be suspended in the first place…
Phishing scams have been around for a very long time and are becoming increasingly sophisticated. So, how do you avoid clicking the disastrous phishing link and becoming the next victim? Let’s get started.
What is phishing?
Phishing is a type of social engineering attack in which a criminal, most often by email, tricks you into taking an action that hands over your personal information. The message typically contains a link to a fake login page that captures your username and password, or an attachment that installs malware on your device.
The different types of phishing attacks
- Email phishing. The classic phishing scam which uses email as the primary method to carry out the attack. The aim is to get you to click a link or download an attachment.
- Spear phishing. Personalized phishing aimed at a specific person or organization, using details the attacker has gathered about the target (name, role, colleagues, recent events) to make the message convincing.
- Whaling. This is similar to spear phishing, but focused on executives, board members, or other high-profile individuals.
- Smishing. Also known as SMS phishing. This is when the attack is performed using text messages.
- Vishing. Also known as voice phishing. This is when the attack is performed using a phone call to target people.
- Quishing. Also known as QR code phishing. It is an attack which uses QR codes to redirect people to malicious websites.
- Clone phishing. A type of phishing that clones a legitimate email and then alters links or attachments to perform malicious activities.
How a phishing attack works
Understanding how a phishing attack works will make it easier for you to identify them.
- An attacker creates a fake message or website which looks like a legitimate company or person.
- They send a message that urges you to take some type of action such as clicking a link, downloading an attachment, or responding in some form.
- If you perform one of these activities, such as clicking the link, you are redirected to a malicious website.
- Once on the website, the attacker will either try to get your credentials or install malware on your device.
- Now the attacker has access to your personal information.
Phishing is an exercise in manipulation: the attacker's goal is to gain your trust, and they will go to great lengths to make their messages look believable. The more you know about phishing, the better you can protect yourself.
5 easy tips to identify phishing emails
- Unknown sender: You do not recognize the sender, or the address is slightly off, for example a lookalike spelling of a company's domain. Check the actual email address, not just the display name, because the display name can say anything.
- Suspicious URLs: The link's destination does not match the company's official website. Hover over the link (or long-press it on a phone) to see the real URL before you click, compare the domain rather than the visible text, and be wary of shortened links, which hide the destination.
- A sense of urgency: The email contains messages requiring you to “act now” or “your account has been suspended”. They are designed to make you panic and react on impulse.
- Spelling and grammar mistakes: Many phishing emails are written by non-native speakers or generated automatically, which leads to mistakes in the body of the email. The reverse is not true, though: a polished, error-free email is no proof that it is genuine, so treat this as one signal among several.
- Unknown attachments: The email may have an attachment that you were not expecting or that is not aligned with the body of the email.
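The sender and link checks above can be turned into a small script. The following is an added example, not code from the original article: it takes a From: header and the (visible text, real target) pairs of a message's links, and flags the indicators described in the list, including lookalike domains such as examp1e.com, a trusted brand name buried in a hostile hostname, the `user@host` trick, bare IP addresses, punycode hostnames, link shorteners, and link text that shows one domain while the link goes to another. `TRUSTED_DOMAINS`, `SHORTENERS` and the sample message are all constructed for illustration.

```python
"""Heuristic checks for the phishing indicators listed above.

Added example, not code from the original article. TRUSTED_DOMAINS,
SHORTENERS and the sample message at the bottom are constructed for
illustration; a real deployment would load its own list of trusted domains.
"""
import ipaddress
import re
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}               # hypothetical: brands you actually use
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # destinations hidden behind a redirect

ADDR_RE = re.compile(r"<([^>]+)>")
# Link text that itself looks like a URL, e.g. "example.com/account".
SHOWN_URL_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


def registrable_domain(host):
    """'mail.example.com' -> 'example.com'.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize_lookalike(domain):
    """Undo common character swaps so 'examp1e.com' and 'exarnple.com'
    both compare equal to 'example.com'. Deliberately aggressive."""
    d = domain.lower()
    for bad, good in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(bad, good)
    return d


def is_lookalike(domain):
    return domain not in TRUSTED_DOMAINS and normalize_lookalike(domain) in TRUSTED_DOMAINS


def brand_names():
    return {t.split(".")[0] for t in TRUSTED_DOMAINS}


def check_sender(from_header):
    """Warnings (code, detail) for a From: header such as '"Name" <user@host>'."""
    warnings = []
    m = ADDR_RE.search(from_header)
    address = (m.group(1) if m else from_header).strip()
    display = from_header[: m.start()].strip(' "') if m else ""
    if "@" not in address:
        return [("malformed_address", address)]
    domain = registrable_domain(address.split("@", 1)[1])
    if domain in TRUSTED_DOMAINS:
        return warnings
    if is_lookalike(domain):
        warnings.append(("lookalike_domain", domain))
    # Display name or domain drops a trusted brand, but the mail is not from it.
    if any(b in display.lower() or b in domain for b in brand_names()):
        warnings.append(("brand_mismatch", f"{display!r} from {domain}"))
    return warnings


def check_link(link_text, href):
    """Warnings for one hyperlink: the text the reader sees versus the real target."""
    warnings = []
    url = urlparse(href.strip())
    if url.scheme not in ("http", "https"):
        return [("unexpected_scheme", url.scheme)]
    host = url.hostname or ""
    if url.username is not None:
        warnings.append(("userinfo_trick", href))  # text before '@' is not the host
    try:
        ipaddress.ip_address(host)
        warnings.append(("ip_host", host))
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append(("punycode", host))
    domain = registrable_domain(host)
    if domain in SHORTENERS:
        warnings.append(("shortener", domain))
    if is_lookalike(domain):
        warnings.append(("lookalike_domain", domain))
    elif domain not in TRUSTED_DOMAINS and any(b in host for b in brand_names()):
        warnings.append(("brand_in_host", host))  # e.g. login.example.com.evil.net
    shown = SHOWN_URL_RE.match(link_text.strip())
    if shown and registrable_domain(shown.group(1)) != domain:
        warnings.append(("text_target_mismatch", f"{shown.group(1)} -> {domain}"))
    return warnings


def inspect_message(from_header, links):
    """Aggregate findings for one message; links are (visible text, href) pairs."""
    return {"sender": check_sender(from_header),
            "links": [(text, check_link(text, href)) for text, href in links]}


# Constructed sample message (not a real email) in the style of the opening scenario.
SAMPLE_FROM = '"Example Support" <no-reply@examp1e.com>'
SAMPLE_LINKS = [
    ("Click here to resolve the issue", "https://example.com@203.0.113.5/login"),
    ("example.com/account", "https://exarnple.com/account"),
    ("Reset your password", "https://bit.ly/abc123"),
]

if __name__ == "__main__":
    for section, findings in inspect_message(SAMPLE_FROM, SAMPLE_LINKS).items():
        print(section, findings)
```

The lookalike normalization is intentionally crude and will produce false positives on legitimate domains that happen to contain "rn" or a digit, which is the right trade-off for a warning that prompts a human to look closer rather than an automatic block. A production filter would also consult the public suffix list instead of taking the last two labels, and would check the Authentication-Results header for the sender, which this example does not touch.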
What to do if you’ve clicked the link
If you suspect that you may have clicked the link, downloaded an attachment, or responded with personal information, follow these five steps to quickly protect yourself and your information:
- Change your password: Start with the account you think may have been compromised, then secure any related accounts as a precaution. Do this through the company's official website or app, never through a link in the suspicious email. Make the new password long and unique, and if you reused the old password anywhere else, change it there as well.
- Monitor your accounts: Check your potentially compromised account for any unauthorized changes and monitor your bank account to ensure that no suspicious transactions occur.
- Enable multifactor authentication (MFA): Check if your account has an option to enable MFA and, if it does, enable it immediately. This adds a second authentication step on top of your password, so a stolen password alone is no longer enough. Prefer an authenticator app or security key over SMS codes where the service offers them.
- Run an antivirus scan: If you opened an attachment or the site downloaded something, malware may be installed on your device, so run a full antivirus scan to check for malicious programs or files. If it is a work device, tell your IT or security team before you do anything else.
- Report the phishing attempt: This may be last, but it is very important. Report it to your organization's IT or security team, who can block the sender and warn others, and to the company being impersonated, which usually has a dedicated security team or an address for reporting abuse, so that they can investigate and prevent further attacks.
Stay safe!
Phishing scams may seem annoying, but they can become a nightmare if they are executed successfully. Attackers will play on our emotions to convince us to respond which could lead to our accounts and devices being compromised. Don’t be afraid to question the legitimacy of the email or contact the company directly for more information. Remember to think before you click and stay aware!