How to Identify a Phishing Threat Before the Damage is Done

The ubiquity of phishing and denial of service (DoS) attacks has necessitated increased education and a greater awareness about the threats, as well as enhanced cognizance of the potential ways scammers seek to get sensitive personal and company information.

Phishing-related attacks have become significantly more rampant than in the past as demonstrated by a 162 percent increase between 2010 and 2014. Further, these attacks cost in excess of $4.5 billion annually. Identifying a threat before it’s too late has never been more important.

Of course, the best defense is a good offense. Blocking malicious e-mails before they reach one’s inbox is the most obvious preventive tool, and this can be realized by quality anti-phishing and other security software. However, despite having a strong proactive plan in place, some phishing e-mails will always make it into in boxes. Of particular concern is that experts estimate that a whopping 97 percent of people cannot identify a phishing email—particularly a sophisticated one.

Experts offer a these strategies to prevent falling prey to phishing attacks.

1. Do not trust the name displayed

It is very common for spammers to spoof an e-mail’s display name. The problem is so pervasive that recent analyses by global data solutions provider Return Path have demonstrated that nearly half of 760,000 e-mail threats that targeted 40 of the world’s largest brands were spoofed. To protect against potential problems, it is critical to check the e-mail address in the “From” header and if it does not look quite right then do not open the e-mail. Additionally, check for spelling errors which are common in fraudulent messages.

2. Examine the salutation

If an e-mail is addressed to “Valued customer”, “Beneficiary”, “Dear friend”, or any other vague person, then do not open any attachments or click on any links. Legitimate businesses always use a customer’s or client’s full name in any legitimate salutation. Additionally, check the signature. Legitimate business correspondence will contain the sender’s contact information.

3. Look before you click

Before clicking on any links in an e-mail, hover the cursor over them and if anything just doesn’t look right, then do not click. Alternately, open a new window and type the URL to see where it may go. This is much safer than clicking on a link, especially from phishers who are purporting to be from financial institutions. Furthermore, and rather obvious but worthy of mention, never divulge any personal information via e-mail or by entering data into forms on an e-mail directed website.

4. Keep an eye out for any subject line language that may appear urgent or threatening

Instilling fear or urgency is a common tactic—especially regarding suspended accounts, password changes, or unauthorized login attempts.

5. Beware of attachments

Virus and malware-infested attachments are very common. Opening an unexpected attachment is a recipe for disaster.

For more information on how to protect your business from phishing threats, please contact us.