Email phishing activity increased significantly in the second quarter of 2021, especially in the financial services sector. According to a 2021 Mimecast report, 60% of survey respondents saw increased phishing emails with malicious links or attachments over the past year. That’s not to mention the FINRA incident in June, in which criminals perpetrated a phishing attack by sending fake emails to FINRA members.
Common attacks are nothing more than online scams involving gift cards, while some are targeted spear phishing campaigns with the goal of gaining access to corporate networks. The best defense against fraudulent emails is educating end-users on how to spot a suspicious email. Phishing schemes often have signs that can trigger recipients to question their veracity. The key is to slow down and pay attention to the details. To that end, we have put together a list of ten common phishing email characteristics.
10 Signs of a Phishing Scam
- It just doesn’t look right – Is there something a little off with the emails? Too good to be true? Trust your instincts about the warning signs of potentially suspicious activity.
- Generic salutations – Instead of directly addressing you, phishing messages often use generic names like “Dear Customer.” Using impersonal greetings saves the cybercriminals time so they can maximize their number of potential victims.
- Links to official-looking sites asking for sensitive data – These fake websites are often very convincing, so before revealing personal information or confidential data, examine the site to make sure it’s not a fraudulent website.
- Unsolicited email that uses personal details about you – Information like job title, previous employment, or personal interests can be gleaned from social networking sites like LinkedIn and then used to make a phishing email more convincing.
- Unnerving phrases – Thieves often use phrases meant to scare you (such as saying your account has been breached) to trick you into acting without thinking, and in doing so, revealing information you ordinarily would not.
- Bad grammar or spelling – Grammar mistakes and misspelled words are a dead giveaway in a basic phishing attack. The use of unusual syntax is also a sign that something is wrong.
- Urgent request – For example: “If you don’t respond within 48 hours, your account will be closed.” By convincing you the clock is ticking, phishing scammers hope you’ll make a mistake by clicking on a phishing link or opening a malicious attachment.
- You’ve won the grand prize – This phishing technique is common but easy to spot. A similar, trickier variation asks you to complete a survey (thus giving up your personal information) in return for a prize.
- Verify your account – These types of phishing attacks spoof real emails asking you to verify an online account with a site or organization. Always question why you’re being asked to verify – there’s a good chance it’s a scam.
- Cybersquatting – Often, cybercriminals will purchase and squat on website names that are similar to an official website in the hopes that users go to the wrong site, such as www.google.com vs. www.g00gle.com. Always take a moment to check out the URL before entering your personal information.
Coretelligent’s Recommendation:
It is essential for your organization to have comprehensive solutions for cybersecurity designed by a trustworthy, proactive provider. Our CoreArmor solution offers 24/7 intrusion detection and monitoring, in-depth assessment to identify vulnerabilities, best-in-class phishing testing and end-user awareness training, and more. Your organization must be protected against emerging email threats in 2021 and beyond. Contact us today for strategic guidance on how to mitigate the security risk from phishing attempts.
