WARNING: YOU’VE FALLEN FOR A PHISHING SIMULATION!
Thankfully, this was not a real phishing email, but an authorized test by your organization. One wrong click could open the door to cyber crime for your employer, your coworkers, or your loved ones.
How to spot a potential phishing email?
This is not always as easy as it sounds. We hear people say, “I would never fall for a scam” or “I don’t click on links”. But it only takes one time to become a victim of a data breach!
In 2019 alone, 65% of U.S. organizations experienced a successful phishing attack (2020 State of the Phish, Proofpoint).
Some things to watch for include:
- The sender’s name and email address
- Grammar and spelling, both in the domain name and in the body of the email
- Suspicious attachments or links
- An email that creates a sense of urgency
(See below for more in-depth details on these methods.)
The email, to the left, looks like it came from Amazon. It looks very similar to the emails Amazon sends out. Notice that even the sender says Amazon.com?
This is a great example of how they trick people. Now let’s look at how to spot this next time to avoid a costly breach with this kind of phishing email.
Identifying the sender & email address
First things first. Look at the email address as well as the sender. Were you expecting something from the sender?
Does the email address match the sender? For example, Magic City Systems will only use ‘@magiccitysytems.com’.
A good way to check a company’s domain name is to type the company’s name into a search engine. Companies won’t use public domains such as gmail.
Spelling & Grammar
Often in a phishing scam, the domain is spelt wrong or slightly off. For example, instead of the letter (m) they may use (rn). Did you notice how (r) and (n) placed together look, at a quick glance, like the letter (m)? Example: john@rnailcarrier looks a lot like john@mailcarrier.
If the email contains poor spelling or grammar, it may be a phishing scam. Scammers are often from non-English-speaking countries. This means their writing is often poor, because they often haven’t learned the language and don’t use words in the proper context.
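The sender checks from the two sections above, as an added example (not part of the original page): it flags a From: header whose domain only looks like a trusted one (the rn-for-m trick) or whose display name claims a brand the address does not belong to. The trusted-domain list, the look-alike pairs beyond rn/m, and the sample addresses are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: brand word -> the domain that brand really sends from.
TRUSTED = {"amazon": "amazon.com", "mailcarrier": "mailcarrier.example"}

# Character runs that read as another letter at a glance. "rn" -> "m" is the
# page's example; the other three are common additions (assumption).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(text):
    """Collapse look-alike character runs so visually similar names compare equal."""
    text = text.lower()
    for run, letter in CONFUSABLES:
        text = text.replace(run, letter)
    return text


def check_sender(from_header):
    """Return (warning, trusted_domain) tuples for one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    findings = []
    for brand, real in TRUSTED.items():
        if domain == real or domain.endswith("." + real):
            continue  # genuinely sent from this brand's domain or a subdomain
        if skeleton(domain) == skeleton(real):
            # Different spelling, same appearance: john@rnailcarrier style
            findings.append(("lookalike-domain", real))
        elif brand in skeleton(display):
            # Sender name says the brand, address is somewhere else
            findings.append(("display-name-mismatch", real))
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        "john@rnailcarrier.example",
        '"Amazon.com" <orders@amazon-billing.example>',
        '"Amazon.com" <ship-confirm@amazon.com>',
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warnings")
```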
Suspicious Attachments or Links
Scammers use infected attachments or links to copycat websites intended to make you believe the site is official. Scammers are hoping to get information from you such as account details including login, phone number, and credit card information. As stated in the slide show, always check where a link is taking you by hovering your mouse over the link WITHOUT clicking it.
Scammers may also send risky attachments that once clicked on will open up malicious software called malware. Malware may cause your computer to slow down, freeze or even crash. Malware can create new files, delete or even modify current files and install new harmful programs.
Never open attachments unless you are 100% positive the sender is legitimate. Check via an alternate form of communication whether the sender did in fact send you an attachment. If there is a pop-up that asks for settings to be changed, or a warning against the legitimacy of the file being opened, do not proceed.
Sense of Urgency
“Act Now”, “Immediate Attention Required” or “Legal Action will be taken”
Many scams want you to act right away. They are relying on confusion and panic. Think about what the email is asking you to do. Time allows us to notice things that seem off.
Perhaps the organization has never sent you something before and you were not expecting it, or in conversation you learn that the individual did not send you anything. Another example is a manager or boss asking you to immediately send them files containing information they already have access to.
Good practice is to ask the individual(s) involved, in person or by phone, if it was indeed them asking for the information.