No matter how secure your network is, the first line of defense is always your employees. They are the gatekeepers to your network – deciding which emails are opened and allowed in. Hackers know that they can’t do anything until they get inside. Just like someone who wasn’t invited to the party, they will pretend to know someone, pretend to be someone else, or make up whatever other lies they can to get inside. In the computer world, those fake and malicious emails are called “phishing emails.” Because of how dangerous they can be, the ability to recognize phishing emails is critical to network security.
Here are some things to look for to help you and your employees determine if an email is legitimate, or a party crasher.
- Make sure the email is something you were expecting to get. Unsolicited requests, invoices, and links should be treated as suspicious.
- Hover your mouse over every link before you click it. You will see a small popup that tells you where the link actually goes. Make sure the link goes to the correct place before you click. The safest option is to navigate to the website yourself in your browser instead of clicking the link at all.
- Double-check the address the email is coming from. Phishing emails sometimes use addresses that closely resemble a real site’s domain (e.g. “Techgem.com” instead of “techgen.com”).
- Did they misspell your company name or make other mistakes in the email? Do they address you by a generic name instead of your own?
- Do you know the person sending the email? Is this the type of email they usually send? Look at the signature of the email and make sure it matches their usual signature. If their identity is in doubt, you can always call them and verify the authenticity of the email.
- Phishing emails try to make you click before you read. Check whether the email implies urgency or extreme importance, for example: “IMMEDIATE ATTENTION – YOUR ACCOUNT WILL BE CLOSED”.
- Look for misspellings and poor grammar. Many people who send phishing emails don’t speak English as a first language.
- There can be other, subtle red flags. For instance, does the email have a strange subject line, signature, or layout?
A legitimate email may show one of these signs on its own, but by weighing the combination of them you can usually tell a phishing email from a normal one.
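As an added example (not part of the original post), the Python script below mechanically applies the checks above to a constructed sample message: it compares the sender’s domain against a list of domains the organisation trusts, pulls each link’s visible text and its real target the same way hovering does, and looks for urgency phrases and a generic greeting. The trusted-domain list, the phrase lists and both sample messages are assumptions built for this demo; the lookalike domain `techgem.com` comes from the post. Checks that need human context (was the mail expected, does the signature match) are deliberately left out.

```python
"""Constructed example: score an e-mail against the red flags listed above."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this organisation legitimately exchanges mail with.
TRUSTED_DOMAINS = {"techgen.com"}
# Constructed phrase lists; a real deployment would tune these to its own mail.
URGENCY_PHRASES = ("immediate attention", "account will be closed",
                   "act now", "within 24 hours", "verify immediately")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder",
                     "valued customer")
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[A-Za-z]{2,}(?:[/?#]\S*)?")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs: the automated version of hovering over a link."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance; one or two edits between domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Crude registrable-domain guess (last two labels); fine for a demo, wrong for .co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_lookalike(domain):
    """True when a domain is not trusted but is within two edits of a trusted one."""
    return bool(domain) and domain not in TRUSTED_DOMAINS and any(
        edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS)


def host_of(value):
    """Hostname of a URL; bare 'example.com/path' text is treated as http://."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def analyse(raw_message):
    """Return a list of (flag, detail) tuples for one RFC 822 message string."""
    msg = message_from_string(raw_message)
    flags = []
    # 1. Sender address one letter off a trusted domain (techgem vs techgen).
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if is_lookalike(sender_domain):
        flags.append(("lookalike-sender", sender_domain))
    # 2. Text of every text/* part (works for single-part and multipart mail).
    bodies = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            bodies.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = " ".join([msg.get("Subject", "")] + bodies).lower()
    # 3. Urgency wording and generic greetings, in subject or body.
    flags.extend(("urgency", p) for p in URGENCY_PHRASES if p in text)
    flags.extend(("generic-greeting", g) for g in GENERIC_GREETINGS if g in text)
    # 4. Links whose visible text names one site while the href goes elsewhere.
    for body in bodies:
        extractor = LinkExtractor()
        extractor.feed(body)
        for visible, href in extractor.links:
            href_host = host_of(href)
            if URL_LIKE.fullmatch(visible):
                shown_host = host_of(visible)
                if registered_domain(shown_host) != registered_domain(href_host):
                    flags.append(("link-mismatch", f"shows {shown_host}, goes to {href_host}"))
            if is_lookalike(registered_domain(href_host)):
                flags.append(("lookalike-link", href_host))
    return flags


# Constructed samples; the .example TLD is reserved and the addresses are not real.
PHISHING_SAMPLE = """\
From: TechGen Support <support@techgem.com>
To: employee@example.com
Subject: IMMEDIATE ATTENTION - YOUR ACCOUNT WILL BE CLOSED
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your account will be closed unless you confirm your details.</p>
<p><a href="http://techgen.com.login-verify.example/reset">https://techgen.com/account</a></p>
</body></html>
"""
BENIGN_SAMPLE = """\
From: Alice Jones <alice.jones@techgen.com>
To: employee@example.com
Subject: Re: Q3 invoice
Content-Type: text/plain; charset="utf-8"

Hi Bob, attached is the invoice we discussed on the call. Let me know if the totals match. Alice
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        found = analyse(sample)
        print(f"{name}: {len(found)} red flag(s)")
        for flag, detail in found:
            print(f"  {flag}: {detail}")
```

Two design points worth noting. Links are compared by registered domain rather than full hostname, so `mail.techgen.com` shown as `techgen.com` does not trip the check while `techgen.com.login-verify.example` does, because the registrable part is the last two labels, not the first. The edit-distance lookalike test is cheap but noisy on very short domains, so in practice it should run against a curated list of the brands and partners an organisation actually deals with, as here, rather than against every domain on the internet.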
Attached below is an example of a real phishing email, with the suspicious features we used to identify it pointed out. Take a look at how we applied the tips mentioned above.
Stay safe out there.