Phish…or Friend?
It’s just another day in the office – or home office – when an unexpected email either requesting personal information or containing links and attachments appears at the top of your inbox. What do you do?
Option 1 – Proceed as normal and treat the email as safe. It made it past your spam filter, after all.
Option 2 – Analyze the email carefully and proceed with caution. If you notice any red flags, initiate your organization’s reporting policy for suspected phishing attempts.
If you chose option 2, you made the right choice. As the saying goes, “better safe than sorry”. Yet oftentimes, well-meaning individuals still fall prey to phishing scams, either because they wish to be accommodating to a perceived trusted source, or because they are so pressed for time they do not stop to notice the cues that would alert them to potential red flags.
A phishing attempt is a fraudulent email that tries to fool the recipient into revealing sensitive information or clicking on a bad link. Asking yourself the following questions can help determine whether or not an email is a potential phishing attempt:
- Does the sender’s name fail to match the email address domain?
- Does the email domain appear to be from a trusted source, but contain subtle differences from what you’re used to seeing?
- Does the email contain a generic salutation, or perhaps no salutation at all?
- Does the body of the email contain more spelling and grammar errors than you would expect?
- Does the tone of the email try to initiate immediate action on your part, contain requests for sensitive information or funds, or make promises that are seemingly too good to be true?
- Does the email contain links or attachments that the message urges you to click?
- Does the email contain references to legitimate services, corporations, or individuals to try to establish a veneer of authenticity?
Don’t get hooked! If the answer is “yes” to any of these questions, the odds are good that it’s a phishing attempt. Train your team to stay alert to these red flags and ensure your organization has protocols for both confirming an email’s legitimacy and reporting it as a phishing attempt.
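Several of the questions above can also be checked automatically before a message reaches a person. The Python sketch below is an added example, not part of the original article: it tests a raw message for a sender name/domain mismatch, a lookalike domain, a generic or missing salutation, pressure language, and links outside a trusted list. The trusted domain `example.com`, the phrase lists, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: your organization's real sending domains.
TRUSTED_DOMAINS = {"example.com"}
GREETING = re.compile(r"^(dear|hello|hi|hey|greetings|good (morning|afternoon|evening))\b", re.I)
GENERIC = re.compile(r"^(dear (customer|user|member|sir|madam)\b|(hello|hi|greetings)[,!.]?$)", re.I)
PRESSURE = re.compile(r"\b(urgent|immediately|act now|verify your account|password|wire transfer)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_email):
    """Return the red flags from the checklist that this message trips."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    first_line = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    flags = []
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in name.lower() and domain != trusted:
            flags.append("sender name does not match address domain")
        if 0 < edit_distance(domain, trusted) <= 2:
            flags.append("lookalike of trusted domain")
    if not GREETING.match(first_line) or GENERIC.match(first_line):
        flags.append("generic or missing salutation")
    if PRESSURE.search(body):
        flags.append("urgency or request for sensitive information")
    hosts = {h.lower() for h in re.findall(r"https?://([^/\s:]+)", body)}
    if hosts - TRUSTED_DOMAINS:
        flags.append("link to a domain outside the trusted list")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = ("From: Example Support <support@examp1e.com>\nSubject: Action required\n\n"
              "Dear customer,\n\nVerify your account immediately at http://examp1e.com/login\n")
CLEAN = ("From: Sam Ortiz <sam.ortiz@example.com>\nSubject: Meeting notes\n\n"
         "Hi Dana,\n\nNotes from today's meeting are on the shared drive.\n")
```

A non-empty result is a reason to route the message through the reporting process, not proof of phishing; an empty result does not make a message safe.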