What Are Phishing Emails and Why Are They So Dangerous?

Online scammers often target companies and individuals via “phishing” emails designed to look like they came from a legitimate bank, business, government agency, or organization. In these emails, the sender asks recipients to click on a link that takes them to a site where they will confirm personal data, account information, etc. Once that information is entered, the scammer uses it to invade and create new user credentials for the consumer’s existing accounts, open new accounts in their name, and/or install malware on their computer.

Users might falsely believe that phishing or scam emails all have telltale (and poorly misspelled) language about Nigerian princes – however, those days are long gone. Phishing tactics are far more sophisticated and can make a phishing email almost appear as an exact replica that the recipient would expect from a reputable company or organization.

How can you tell if an email is a phishing email?

The greatest defense you can have against the threat of a phishing email is simply to pause and think, “is there a chance this email might not be for real?” Definitely slow down and assess before opening any links, attachments, or sending a reply.

Here are four (4) steps you should take to assess if an email is from a legitimate sender or if it’s a phishing email:

1. Check the sending domain.

Don’t just check the name of the person sending you the email – take the extra step of checking their actual email address by hovering your mouse over the ‘from’ address. Look for slight alterations to the expected domain, like added numbers or letters. Be on the lookout for unusual spellings or weird abbreviated company names.

This isn’t a foolproof method, though, for sometimes companies use slight variations of their domains for email sending purposes. But if a sending domain seems off, see if you can find an email you received from this sender previously and compare the domains.

2. Always be wary of requests for sensitive information.

Many phishing emails are sent with the goal of tricking you into clicking a link and sharing information like passwords, account numbers, credit card information, or the like. If you receive an email with a link or attachment that asks you to provide these types of details, chances are it’s a phishing email. If you receive an email like this from your bank, a company, or an organization with whom you interact, contact that entity directly regarding the request and check the legitimacy of the email. Never click links or attachments in emails that ask for this type of information without doing some background checking first.

3. Beware of generic greetings.

Another trademark in many phishing emails is the use of generic salutations such as “Dear customer” or “Dear account holder.” Or some hackers simply avoid the opening salutation altogether. Most legitimate companies will use your name in the email.

4. Bad spelling should tip you off.

Often, the easiest way to spot a phishing email is poor spelling and grammar in the content. Other than these assessments, make it a general rule to think twice about opening an email for which you’re not absolutely sure of the source. And never click links or open attachments in emails that give you the slightest pause. If you have any inkling of concern regarding an email, check with the sender directly rather than responding to the email or interacting with any links.

What may happen when you open a phishing email?

Well, the good news is that the simple act of opening a spam or phishing email is usually harmless. The threat of a phishing email becomes much more severe if you take any of these actions after opening the email:

• Clicking on an attachment.
• Clicking on any links in the email.
• Replying to the email with any sensitive information like a social security number or credit card number.

If you’ve opened a phishing email but have steered clear of clicking links or downloading attachments, don’t try to unsubscribe. Note that even the unsubscribe link could be part of the trap. Instead, mark it as junk mail so that your email client can better identify it and send any future emails from that sender straight to your spam folder.

If you’ve opened an email in your business account or even a personal email while on your business network, you should report this to your IT department so they can be on alert for any unusual or suspicious activity. And it never hurts to scan your computer for any malware or ransomware just in case.

Steps to take to reduce your risk of being phished

It’s nearly impossible to protect yourself from receiving phishing emails. Our email addresses are more accessible than ever with inclusion on social media profiles and data breaches that can make them readily available to a scammer.

But you can take steps to minimize the effect of a phishing email should you happen to accidentally click a link or have another type of interaction with it:

• Make sure you’ve downloaded all the latest updates to your anti-virus software.
• Ensure your browser is up-to-date. Companies frequently release patches for newly detected malware, and your browser can be your first line of defense.
• Be wary of pop-ups, a frequent add-on tool in a phishing attack. Most commonly used browsers allow you to block pop-ups by default.
• Change your passwords regularly.

In the broad spectrum of cyberthreats, phishing attacks are actually the most manageable cyber threat to take action for your own protection. When in doubt, do not click. Make “don’t click” your default setting. Take a few seconds to check more about the email before interacting with it. By exercising appropriate caution, you can be your own best line of defense in protecting yourself from a phishing attack.