Did you know that phishing (i.e., scam) e-mails account for about 91% of all cyberattacks? In other words, nearly every cybersecurity issue you could think of — from viruses to ransomware to full-blown data breaches — starts with users accidentally clicking malicious links in e-mails.
On the technology end, spam filters and antivirus scanners combat the threat of phishing e-mails. However, these security features aren’t perfect. Inevitably, you’ll find phishing e-mails in your inbox, and the only true “patch” is awareness.
To help you protect your sensitive information against cyberthreats, let’s review five telltale signs of a phishing e-mail and what to do when you’ve spotted a phish.
• Unexpected Request
You probably recognize the sender or the content of most e-mails you receive. But with phishing scams, victims are often faced with an unexpected request. A common ploy is the e-mail from a “friend” stranded in a foreign country. S/he just needs a one-time wire transfer of a few thousand dollars to make it home safely. How often does this scenario actually take place in real life? Requests like this one are unusual for a reason. They aren’t legitimate.
Most phishing e-mails prompt recipients for action ASAP; that way, there isn’t time to process what you’re reading and doubt its veracity. But think about it: How many times have you sent an e-mail that was really urgent? Typically, urgent requests are made by phone or in person, not via e-mail. This is one of the biggest signs of a scam.
• Poor Grammar, Spelling or Syntax
Keep an eye out for typos and strange syntax, which are common features of malicious e-mails. Most phishing e-mails are sent from foreign countries, where computer crime laws may not be as strict as they are in the U.S. Even if U.S. law enforcement tracks down an attacker, the country in which the attacker resides may not cooperate. Scammers are much safer attacking us from abroad. Fortunately, their language can be a dead giveaway.
• Suspicious Hover-Over Link
Attackers want to convince you that you’re going to a legitimate website, when instead they’re sending you to a malicious link that could install malware on your computer or trick you into revealing your password. If you hover over a link within an e-mail and the URL doesn’t match the description of the link, it might be a phishing site. When the URL doesn’t look familiar, don’t take a chance. If the e-mail regards an online account that you log into regularly, simply open up a new browser window and log in as you normally do (but don’t click that link).
• Asks for Sensitive Information
Phishing e-mails often ask you to “verify” your credit card number, Social Security number or account password, which legitimate services wouldn’t do. Never share sensitive information through e-mail.
Don’t Take the Bait
Now that you know the signs of a phishing e-mail, what should you do if you spot one? It’s simple: Just delete it. Many users feel compelled to report phishing e-mails to someone else, whether it’s a coworker or the e-mail service provider, but if a suspicious e-mail is forwarded, it’s more likely that the malicious link will be clicked. If we all get in the habit of recognizing and deleting suspicious e-mails, phishing will become a weaker threat altogether.
Sometimes, detecting phishing e-mails can be tough, even when you’ve seen a million before. Here are two recommendations to keep in mind:
• If you’re unsure, press delete. If an e-mail is causing you to hesitate, it’s probably because something is “phishy.” Trust your gut. In the event that you accidentally delete a legitimate e-mail, the sender will get in touch with you again, at which point you’ll have more information to work with.
• Verify with the sender “out of band.” In other words, simply call the sender. Don’t use a number provided from the e-mail, because it could be fake. If you don’t have the actual number on hand, try researching the official website of the business or individual.
Many phishing e-mails tempt recipients with irresistible offers, but here’s a legitimate deal: Keep these five signs in mind when checking your e-mails, and you’ll be taking a major step toward ensuring that cyberattacks can’t reach your networks.
Gary S. Williams, CFP, CRPC, AIF, is president and founder of Williams Asset Management, in Columbia. He can be contacted at 410-740-0220, [email protected] and www.WilliamsAssetManagement.com. For information about his book, “The Art of Retirement” (with the foreword by NFL Legend Ronnie Lott), visit www.theartofretirement.org.