Phishing attacks are an evolving threat in today’s world. As technology advances, so do cybercriminals. Attackers have adopted a strategy of sending emails wherein they impersonate a trusted source through their email address or their signature. Their intent is to have their target unknowingly reveal sensitive information, download malicious links, or grant access to personal or work devices. To protect your information and devices, it is important to always proceed with caution and be aware that these threats are present when handling one’s emails.  

Below are some helpful questions to consider when proving an email’s legitimacy: 

Are you expecting this email?  

If you have not done anything that would warrant a call or email, question whether you should be expecting to hear from this source. 

Is the message coming from a trusted source? 

Spoofing is common with phishing emails, so carefully check for any errors or misspellings from the sender. A common tactic by cybercriminals is to add an extra character to the name of a superior or well-known brand in the email address. At first glance, the sender would appear legitimate. For additional confirmation, ensure there is detailed contact information, such as a phone number and company address, for the person sending the email. Even with this confirmation, cybercriminals can and will mimic legitimate signatures. Hover your mouse over the “from” to see the real name and email address of the sender.

Is there a sense of urgency within the email?  

Phishing emails will often threaten to suspend your account, warn that your data has been lost, or jeopardize security to get the user to act quickly and rashly. Do not click on any links associated with such urgent needs. Instead, go to your web browser and log into your account separately from the email.

Is the sender asking for personal or sensitive information such as login ID’S, passwords, or other account details?  

Such information is extremely sensitive and should not be given through email. Trusted sources will typically never ask for this type of information.  

Do the links seem suspicious? 

Verify that all links in an email are not suspicious. Do not click on any links in an email but rather hover over them with your mouse to see where the link would redirect you to. Is it sending you to an unknown and illegitimate source? Is the website in the link spelled wrong? Such things are often giveaways of a phishing attempt.  

To stay protected against such threats, we recommend utilizing implementations designed to secure your information and reduce risk. One example is to use Multi-Factor Authentication (MFA) on all accounts for an additional layer of security. This will prevent an unwanted source from easily accessing your information.  

Threats in the cyber world are always evolving; keeping these questions in mind and taking advantage of cyber security training can help protect yourself and your information from outside cyber threats.  

If you feel you have been a victim of a phishing attempt, please contact us at 412-261-5600.