Scams have existed for a long time. It all started with some phone calls from criminals saying they are IRS agents or using false information to obtain their victim’s personal information. Now that technology is also a means of communication, scams are spread all over the Web, especially in the email world.
Every second of every day, approximately 2.4 billion emails are sent online. Almost every person has an email account, and most users open it at least once a day. This makes email the perfect place for criminals to ‘do their work’. And they definitely do it – nearly 85% of the messages sent via email are spam.
Now, most fraudulent emails are detected by algorithms and go directly into our spam folders. However, fraudsters are getting more creative with their spammy messages these days, so some messages will definitely slip the email security measures. A well-thought spammy message can have a high email delivery and get right into your inbox.
At that point, it is your job to detect the spam email before it harms you.
Out of all these criminal messages, the most common form is phishing emails. This is exactly what this article will explore for you – phishing emails and how to spot them in 2022.
- What is a phishing email?
- Smart tips for spotting and avoiding phishing attacks
- Use smart tools to verify users with email data breach information
- Look for spelling mistakes
- Check the sender’s email address
- Check the link before you click on it
- Don’t download unsolicited attachments
- Check the salutation
- Never, ever act on money requests
- Don’t share your personal data in emails
What is a phishing email?
According to research, 97% of email users cannot identify a phishing email. This means that there are many victims of such messages, which is a shame because the process of avoiding them is rather simple.
Phishing is a message where the criminal i.e. the phisher poses as a company or person and convinces the recipient to provide sensitive information, download malware/ ransomware, or click on a link. The information in the message looks real but it is actually designed as a ‘hook’, which is where the term comes from.
We all remember that “prince that will hire you” scam that was very popular back in the day. Criminals have come a long way since then. Now they use spoofed email addresses, pose as the brands you trust and love, and even create sites that appear very legitimate until you provide your credit card details.
To identify phishing emails and prevent them, the first important thing is to understand this kind of threat. These are the two most frequent forms of phishing in 2022:
- Deceptive phishing. This is a “spray and pray” method where criminals send mass emails to millions of people. They usually come in the form of “issue with your X account” or “congratulations, you won a prize”.
- Spear phishing. This is a more personalized threat, one that is customized with details about the victim such as their name. It is harder to detect since it appears personalized, so recipients often perceive it as genuine.
In addition to these general categories, there are also phishing occasions where specific groups of customers are targeted i.e. company phishing. Very often, phishers will target the users of a company or a service, such as Dropbox or Google Docs. Here is what this looks like:
These are just a few examples. The reality is harsh. There are millions of attempts at phishing every single day, and a big number of the victims can never recover their losses.
So, what can you do to keep yourself and your company safe?
Smart tips for spotting and avoiding phishing attacks
Let’s get to some actionable tips that will help you avoid such attacks:
Use smart tools to verify users with email data breach information
Email crawlers do a very good job of detecting obvious phishing messages, but that’s not enough. The smartest thing you can do for your security these days is to add an extra layer of protection. A smart tool like SEON will allow you to verify users with email data breach information and prevent phishing attacks you wouldn’t be able to detect before.
SEON is an online fraud prevention platform that helps small and big businesses to stop fraud before it happens. While it is very hard and maybe even impossible to keep track of all messages and transactions in a business manually, SEON can automate the entire process and keep track of every interaction and transaction in your email.
Look for spelling mistakes
If you decide to do this manually or want to do an additional check, here is one big red flag to pay attention to – spelling mistakes. No reputable brand will send a message that contains spelling errors. Phishers often use them to avoid using the brand’s original name, hoping that you won’t notice a letter or two missing or out of order. Others have many mistakes in the message because they don’t pay much attention to spelling. After all, their brand’s reputation is not at stake!
Truth is, many people don’t notice spelling mistakes in phishing emails. Take, for example, this PayPal email:
Now, unless you are expecting to find a spelling error as in this case, chances are you wouldn’t notice that PayPal is spelled incorrectly. An average person receives 100 to 120 emails per day, so they don’t focus on the details when going through their mail.
If you are looking for a sign of a phishing email, this is the first red flag to detect.
Check the sender’s email address
Phishers don’t have to create new email accounts to send out messages since many don’t check the email and only look at the display name or heading. They simply alter the display name of an account and send an email. If you take a look at the address, it has nothing to do with the message or the display name you see.
Now that you know this, don’t blindly trust the display name in the messages you receive. It takes a second to check the email address and see if it matches the display name. If it doesn’t, that’s it – you just found a phishing attempt!
It is not possible to fake an actual domain name. But, hackers are amazing at disguising this in links.
How do they do this?
They use link shortening services to prevent the recipient from seeing the destination of the link. They use encoding to hide the destination of their phishing site.
So, how do you detect their phishing attempts?
For starters, if you see a shortened link, don’t click on it. Use an URL expander tool – there are free options for this, such as LinkExpander or CheckShortURL. Also, check the link wording. If it is just a messy combination of letters and numbers and many % signs, it’s a big warning sign.
Don’t download unsolicited attachments
Let’s be real – legit businesses won’t just send you an email with an attachment in it and expect you to download it. They’ll tell you all about it and most likely direct you to their website where you can download what they’re offering.
So, whenever there’s an attachment in an email and the sender is not someone you know, do a double-check. You might even want to confirm with the company if they sent you the email.
Check the salutation
Those messages that start with “dear esteemed customer” are almost always spam. No legitimate business will send you such a message. Most will use your full name when talking to you. Now that personalization is more valued than ever, there’s hardly a company that still starts emails in this way.
Never, ever act on money requests
Phishing scams cost businesses billions of dollars every year. They steal information and infect the company data with ransomware and malware, and they often get this opportunity by sending silly messages to all employees.
Why wouldn’t they ask for many when, after all, it is money that phishers are after? Sooner or later, all these crimes result in getting money from the recipient.
So, when you get a message that asks you to cover expenses, fees, and taxes, don’t jump right at it and send your banking details. It’s most likely a scam, so check it carefully.
It’s never smart to share your personal data like bank account details or credit card numbers via email. Companies like your bank won’t ask for this via these channels, and no reputable company will dare to ask for confidential information via email.
It might seem that your address or phone number or passport number isn’t as important as your banking details, for example. Many people think that way, so they are willing to send a copy of their ID or their address via email.
This is all personal information and the risks are enormous. If you receive an email looking for personal data, don’t act on it. Check it carefully.
Have you been checking your messages?
Phishing attacks can happen to everyone. You can become the target of hackers on your personal and professional email accounts. If you aren’t careful, this can cost you a fortune that you’ll never get back. That being said, follow these tips to easily spot and avoid such an attack.
Nadica Metuleva is a freelance writer who’s passionate about creating quality, original content. She holds a Master’s degree in English teaching and a Bachelor’s degree in translation. With 8 years of experience in the freelance writing industry, Nadica has become proficient in creating content that captivates the audience, drives growth, and educates. You can find her on LinkedIn.