Fishing for the Phishers

Did you know that 347.3 billion emails are sent around the globe daily? This unfathomable number breaks down to roughly 4 million emails per second. The average office worker will receive 125–150 emails daily. Unfortunately, this creates an opportunity for those in a more nefarious “occupation” (scammers) to prey on our overflowing inboxes and our sometimes distracted-email-opening habits to extort money and information.

Of the 347.3 billion emails sent daily, almost 3.4 billion are scam emails seeking to infiltrate our systems and take information. Here are 10 tipoffs to help us recognize these phishing attempts.

1. Asking for Sensitive/Personal Information. Most reputable organizations will not require you to respond by email with information like your social security number, banking information, etc. If you are being requested to do so, take another look!
2. Inconsistencies with Links. Hover over any blue links with your mouse to display the full URL. If the URL does not match the email or generally seems nonsensical, do not click!
3. Poor Spelling and Grammar. We are all guilty of typing a little too fast and sending an email with a few red squiggly lines, but if you recognize multiple spelling issues or awkward phrasing, consider that a warning bell!
4. Too Good to Be True. If you get an email claiming you won the lottery or you have been left a large inheritance that will allow you to retire and spend your days on the many beaches of The Bahamas reading by the turquoise water (just me?), then it probably is too good to be true.
5. Suspicious Attachments. An attachment isn’t inherently malicious, but if there is an attachment and any of these other warning signs present, use extreme caution.
6. You’re Asked to Send Money. The IRS will not send an email asking you to reconcile overdue taxes. Be very leery if the sender requests funds or financial information of any kind.
7. Generic Greetings. Usually, those we do business with regularly know our names and address us as such. Phishing emails often opt for generic salutations like “Dear Customer.”
8. Unrealistic Threats. A phishing email may use unnerving, exclamatory threats to cause us to click on something in a momentary state of panic. Be aware of language like “Your account has been compromised!”
9. A Sense of Urgency. Again, phishing tries to make us react quickly without analysis. “Immediately!” and other words with an aggressive timestamp deserve a second look.
10. Was this Expected? If you get an email out of the blue from a service, person or organization you don’t know, let this be another reason for caution.

Along with this line of defense regarding phishing emails, I would also recommend looking into anti-virus software and a consistent way in which you are backing up data. The goal is to keep you safe, and by extension those you work with safe. Remember that we are often the easiest infiltration point. Stay vigilant and stay safe!