Check Point Research outlines six(6) steps to avoid falling victim to Phishing Scams
Threats or a Sense of Urgency – Emails that threaten negative consequences should always be treated with skepticism. Another strategy is to use urgency to encourage or demand immediate action. Phishers hope that by reading the email in a hurry, they will not thoroughly scrutinize the content and will not discover inconsistencies.
Message Style – An immediate indication of phishing is when a message is written with inappropriate language or tone. For example, if a colleague from work sounds overly casual, or a close friend uses formal language, this should trigger suspicion. Recipients of the message should check for anything else that could indicate a phishing message.
Unusual Requests – If an email requires you to perform non-standard actions, it could indicate that the email is malicious. For example, if an email claims to be from a specific IT team and asks for software to be installed, but these activities are usually handled centrally by the IT department, the email is probably malicious.
Linguistic Errors – Spelling and grammar errors are another sign of phishing emails. Most companies use spell check, so these typos should raise suspicion because the email may not originate from the claimed source.
Web Address Inconsistencies – Another easy way to identify potential phishing attacks is mismatched email addresses, links, and domain names. It’s a good rule of thumb to always cross reference previous communication with the email address.
Recipients should hover over a link in an email before clicking it to confirm the actual link destination. If the email is believed to be sent by The U.S. Postal Service, but the domain of the email address does not contain “usps.com”, that is a sign of a phishing email.
Request for Credentials, Payment Information or Other Personal Details – In many phishing emails, attackers create fake login pages linked from emails that appear to be official. The fake login page typically has a login box or a request for financial account information. If the email is unexpected, the recipient should not enter login credentials or click the link. As a precaution, recipients should directly visit the website they think is the source of the email.
