What is an Email Phishing Scam?
“Phishing” is a homophone of fishing, which involves using lures to catch fish. A phishing email is a malicious message, allegedly sent from a trustworthy site or organization, that often includes a link or attachment. The link or attachment can install malware on your computer or direct the victim to a malicious website that asks for personal and financial information, all for the purpose of monetary gain by a cybercriminal. Some phishing emails are poorly written and obviously fake, but sophisticated cybercriminals use the techniques of professional marketers to identify the most effective types of messages, the phishing "hooks" that get the highest open or click-through rates.
What to look for
The "From" address
If the email comes from an address that looks like "firstname.lastname@example.org" or anything similar, delete the email immediately.
No matter how much it gets proofread, any company is going to occasionally send out an email with a spelling or grammar error. Fine. But phishing emails often contain glaring and obvious mistakes that you can catch without being a copy editor. Awkward phrases, missing punctuation and wrong capitalization are just a few places to start.
Are the paragraphs in the body of the email formatted correctly? Are some random words in bold? Are there extra spaces? Are there images included that don't make sense?
Remember that NOT ONE legitimate company will provide links for security issues. If there's a problem, the company will ask you to head directly to the company's website and enter your information there, rather than provide you a link to follow. You can also hover your mouse over the link to see where it really directs you. You'll discover that these links actually infect your computer with dangerous malware - all with just one click. As a rule of thumb, don't click any links if you think the email is suspicious.
Have you received a threat that your account would be closed or suspended if you didn't respond to an email message? This is a common threat that cybercriminals often use to trick you into thinking your security has been compromised.
Spoofing popular websites or companies
Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.
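The hover check and the look-alike address check described above can be automated. The following Python code is an added example, not part of the original article: it flags links whose visible text names one site while the link goes to another, and link hosts that closely resemble a known domain. The names host_of, LinkCollector and check_links, the KNOWN_DOMAINS list, the .example domains and the 0.85 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the recipient really deals with (constructed names).
KNOWN_DOMAINS = ("payments.example", "parcels.example")

def host_of(text):
    """Hostname of a URL or URL-like string, lowercased, without 'www.'."""
    url = text.strip() if "://" in text else "http://" + text.strip()
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed address such as a broken IPv6 literal
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html_body):
    """Return (href, reason) findings for one HTML email body."""
    parser, findings = LinkCollector(), []
    parser.feed(html_body)
    for text, href in parser.links:
        target = host_of(href)
        # Compare only when the visible text itself looks like an address.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append((href, "text shows %s, link goes to %s" % (shown, target)))
        for known in KNOWN_DOMAINS:
            close = SequenceMatcher(None, target, known).ratio() >= 0.85
            if close and target != known and not target.endswith("." + known):
                findings.append((href, "%s resembles %s" % (target, known)))
    return findings

# Constructed sample body: one honest link, one disguised look-alike link.
SAMPLE = ('<p><a href="https://www.payments.example/help">Help</a> '
          '<a href="http://paymemts.example/verify">www.payments.example</a></p>')
```

Calling check_links(SAMPLE) reports the second link twice, once for each check, and reports nothing for the first link.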
When was the last time you received an email from a major corporation that ended with "God bless you"? Remember, this isn't an email from your Grandma. It's supposed to be from a successful international company that isn't going to risk offending anyone. Also, make sure there's a signoff, as scam emails often end without a signature.
Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something. Such a claim is always an indication of a phishing scam, as responsible companies and organizations will never take these types of actions via email. Be aware of what to look for and how to prevent these scams from costing you and your business time and money.