Phishing is a common and effective method of defrauding businesses and individuals. Cyber criminals send billions of phishing emails each day to trick people into downloading malicious software or providing personal or financial information.
These scams account for about 32% of all data breaches, while 91% of all cyber attacks begin with a phishing email. Help protect your organization by using these tips to spot a phishing attack.
Linked URLs are different from the one shown.
Often the URL in a phishing message will appear to be valid at first glance. However, if you hover your mouse over the URL, you will see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, then the message is likely the bait in a phishing scheme. This is more difficult to see and validate on a phone or tablet.
Look for URLs that contain misleading domain names.
Criminals use this phishing technique to convince victims that the message came from a company like Microsoft, eBay or the FBI. Look for URL variations that are misspelled or have additional words attached like ebay.phishingdomainname.com. Also, the website connection should be secure with the padlock icon visible in the browser's address bar.
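The two URL checks above (displayed address versus actual hyperlink, and a brand name sitting outside the brand's real domain) can be automated for HTML email bodies. This is an added example, not part of the original article; the function names, the BRAND_DOMAINS allow-list and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands you care about and the domains they really use.
BRAND_DOMAINS = {"ebay": {"ebay.com"}, "microsoft": {"microsoft.com"}}
# Constructed sample body; the first link uses the article's example domain.
SAMPLE_HTML = """<p>Your account is frozen. Verify at
<a href="http://ebay.phishingdomainname.com/login">https://www.ebay.com/signin</a>
or read <a href="https://www.ebay.com/help">our help page</a>.</p>"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased hostname without a leading "www."
    value = value if "://" in value else "http://" + value
    host = (urlsplit(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):
    """Return the warning labels that apply to one link."""
    findings, target = [], host_of(href)
    # Hover test: the visible text is itself a URL but names another host.
    if text and " " not in text and "." in text and host_of(text) != target:
        findings.append("text-href-mismatch")
    # Brand appears as a label or hyphenated word outside its real domain.
    tokens = set(re.split(r"[.-]", target))
    for brand, domains in BRAND_DOMAINS.items():
        official = any(target == d or target.endswith("." + d) for d in domains)
        if brand in tokens and not official:
            findings.append("brand-outside-official-domain")
    return findings

def scan_email(html):  # [(href, findings)] for links that raised a warning
    parser = LinkCollector()
    parser.feed(html)
    return [(h, f) for h, t in parser.links if (f := check_link(h, t))]
```

Calling scan_email(SAMPLE_HTML) flags only the first link; misspelled look-alike domains are not covered by this check and still need a human eye.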
Beware of messages that ask for personal information.
Regardless of how official or convincing the email message looks, if it is asking for confidential information you should be on high alert. Your bank doesn’t need you to send them your account number. Similarly, your credit card company would never send an email asking for your password, credit card number or the answer to a security question.
If it seems too good to be true ...
You know the familiar saying, and it's especially true when it comes to email messages. If you receive a message from someone who is making grand promises, such as inviting you to claim $1,000,000 in cash or some other outlandish prize, then the message is probably fake.
Watch out for urgent emails demanding you take action.
Another common phishing technique is to pressure you to respond promptly so that you click a link. The message may state that your account has been closed or frozen, or that there has been fraudulent activity requiring your immediate attention. While it is conceivable you could receive a legitimate alert requesting you take action on a real account, to be safe avoid clicking the link in the email, no matter how genuine it appears. Instead, access the relevant website or app directly and log in to your account. If the email was official, your account should have a notification.