Phishing emails flow into inboxes year-round, especially during the holidays. Here are some clues to help your users spot “fishy” emails.
Every day these countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing.
So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for.
Always be suspicious. Phishing emails try to freak you out with warnings of stolen information or worse, and then offer an easy fix if you just “click here.” (Or the opposite: “You’ve won a prize! Click here to claim it!”) When in doubt, don’t click. Instead, open your browser, go to the company’s website, then sign in normally to see if there are any signs of strange activity. If you’re concerned, change your password.
Check for bad spelling and grammar. Most of the missives that come from outside the US are riddled with spelling mistakes and bad grammar. As I noted earlier, big companies hire professionals to make sure their emails contain perfect prose. If you’re looking at one that doesn’t, it’s almost certainly a fake.
Beef up your browser. An accidental click of a phishing link doesn’t have to spell disaster. McAfee SiteAdvisor and Web of Trust are free browser add-ons that will warn you if the site you’re about to visit is suspected of malicious activity. They’re like traffic cops that stop you before you turn down a dangerous street.
Use your phone. If you’re checking email on your phone, it might actually be harder to spot a phishing attempt. You can’t “mouse over” a questionable link, and the smaller screen makes you less likely to spot obvious gaffes. Although many phone browsers (and operating systems) are immune from harmful sites and downloads, it’s still good to exercise caution when dealing with suspicious links. (Obviously you still shouldn’t complete a form that asks for your password or other personal info.) Android users in particular should be aware of the potential risks.
Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not “remotely detect a virus on your PC.” Know the warning signs, think before you click, and never, ever give out your password or financial info unless you’re properly signed into your account.
Got any other anti phishing tips to share? share with us in the comments.