Distinguish Legitimate Emails From Phishing Emails

Read This Before Clicking On Any Links In Any Email…

Discover How To Distinguish Real Emails From Phishing Emails…

So you receive hundreds of emails every day and you screen them to delete the ones that look like spam. But what if one of them is actually a phishing email that sounds legitimate and appears to come from a business that you know?

Before we jump in, here are some staggering stats:

  • 96% of phishing attacks arrive by email
  • The top five subject lines for business email compromise attacks are:
    • Urgent
    • Request
    • Important
    • Payment
    • Attention
  • 8 in 1 employee share the information to phishing web sites
  • Over 60,000 phishing websites reported in March 2020 alone
  • 96% of all targeted attacks are developed for intelligence-gathering
  • 88% of organizations around the world experienced spear-phishing attempts in 2019
  • Another 86% experienced business email compromise attempts
  • 65% of organizations in the United States experienced a successful phishing attack
  • PDFs and Microsoft Office files were the delivery vehicles of choice for today’s cybercriminals. The reason is that these files are widely used and universally trusted in the modern workplace.

Now that you have some idea of how much phishing is going on and how effective it is, let’s get to:

What is a phishing email?

A phishing email looks much like any other email you may have received from a reputable company. The company logo is typically emblazoned at the top of the message, and the email often appears to be sent from someone in authority. The email’s graphics, fonts, template and language are usually copied from a real company email to look identical to a legitimate email sent from that company.

Tips On How To Distinguish a Phishing Email From a Legitimate Email

There are many ways to identify a phishing email. One big pointer is poor spelling, improper grammar, strange punctuation or misplaced capital letters. This is especially true when the email is sent by someone in a foreign country like China or Russia who isn’t very familiar with the English language.

Almost all phishing emails contain some kind of text encouraging you, or even threatening you, to take an action, usually something like clicking a link to view your account or to view the status of your account. The sender might threaten to close your account if you don’t click on the link in the email.

The goal of most social engineering and phishing emails is to get you to click on a link. The link is often designed to look legitimate, but when you click it, it redirects you to a malicious website. This website might be a shady online shop trying to gain business or a malware site that infects your computer with a virus. Afterward, your computer’s performance seems to suffer, but the desktop and the screen look the same as before. Some of these infections are designed to use your computer to send millions of spam emails to others to find new victims or to try to sell some stuff.

How can you spot the phishing emails?

To determine if a link is real or fake, hover your mouse pointer over it (or over the logo and pictures in the email) for a few seconds to see the actual link. If you’re ever suspicious of a link, don’t click it. Instead, do some research. Search for that company on Google or, if you know the company, type the URL into your browser’s address bar yourself to ensure that you go to the correct site. Today most legitimate websites provide safety by encrypting all communications to and from their website. Secure website URLs typically start with “HTTPS://” (and not HTTP://) and display an icon at the bottom of your browser window letting you know that the site communications are encrypted for your safety. Keep in mind that HTTPS only means the connection is encrypted; phishing sites can use it too, so treat it as a minimum requirement rather than proof that a site is genuine.

For example: What will you do if the link shows but when you hover your mouse pointer over this link its shows It is almost certain that this is a phishing attempt.

Another example is a PDF or Microsoft Office file (Word, Excel, PowerPoint) attachment. The sender is asking you to open the attachment and get back to him/her as soon as possible. If you do not know the sender or if the email sounds weird, do not open the attachment. Instead, send a separate email or call the person you know, and verify if this is a legit attachment.

What to do when in doubt?

The best thing you can do when you receive an email, supposedly from your bank (or any other place), that for example warns you of a security threat on your account is to contact the institution directly without clicking on their link, or to log into your account directly at your bank’s website and see what is going on. Whatever you do, DO NOT click on the links in the email. Many organizations maintain an email department that can help you root out these identity theft schemes, and they can tell you whether any communication you receive is legitimate.
