The year-end saw an unprecedented number of emails from retailers and businesses looking for you to visit them and make a purchase. Unfortunately, this time of year also brings a large increase in spam and hack attempts that arrive in your inbox alongside the overflow of retailer emails. These emails are also known as “Phishing” emails.
Whether you're on a corporate network or personal network you will be putting yourself at risk by opening these fraudulent emails. Phishing emails are getting harder and harder to differentiate from legitimate emails and when opened on a network can cause major havoc and security issues for your business data. So how do you know whether an email is legitimate or a “Phishing” email?
The tips below will help you identify and avoid falling prey to a phishing email:
- From Field - Gone are the days when you could easily spot a phishing email by looking at the from field. It is very easy for phishers to spoof an authentic email address so that the email looks like it is coming from a real account. As a rule, don’t trust the listed email address.
- Links - If there are links in the email, hover over them before you click on them. By simply hovering over the link, you should be able to see the URL that the link is set to go to, and you will be able to see if it is a spoof URL. For example, you may see a link in an email that looks like this: http://americanexpress.com - which is a valid website address, but by hovering over that link you will see the actual page that this link will go to, which may look more like this: http://amex.mycreditcardonline.com. This could be a landing page to collect your data.
- Personal Information - Legitimate and honest companies will never ask for important details by way of email. If you are being asked for your social security number, date of birth or any other critical information, then there is a huge chance the email is a phishing email. Never give this type of information by way of email; it is not secure and can be retrieved by other parties.
- Grammar - Professional companies will take care in writing and preparing their emails. Since most (not all) phishing emails originate from countries outside the US, you will often see poor grammar and spelling. If the email is not easy to read and is filled with spelling errors then you have probably come in contact with a phishing email.
- Accounts - Often phishing emails will arrive referencing an account you have at a bank and make it look realistic by adding an account number. This may have you scratching your head for a moment as you start to wonder if you have the stated account. So check very carefully before you click on any links in the email or hand over your information. If you do not recall having an account with the account holder, don't click. In fact, it is best to keep bookmarks in your web browser that you know are accurate and access your accounts directly. If there is a valid alert that needs to be addressed, it is likely to be displayed in your browser as soon as you log in to the account in question.
If you receive phishing emails and want to know what you can do, you can get more information about how to report sites and emails at http://www.us-cert.gov/report-phishing