Familiar Advice, but Worth Repeating
Researchers at ESET outline some security best practices to avoid falling for phishing emails. In an article for TechZone360, the researchers explain how to identify suspicious links.
“Before clicking on an embedded link in the body of an email, inspect it first!” ESET says. “Hackers often conceal malicious links within emails, and mix them with genuine links to trick you. If the hyperlinked text isn’t identical to the URL that pops up when you hover over the link, that’s a sign of a malicious link. It might take you to a site you don’t want to visit, or even install a virus on your computer. To prevent this from happening, don’t trust any unmatching URLs or links that seem irrelevant to the content in the rest of the email.”
Additionally, attackers can easily create deceptive email addresses, in some cases after compromising a legitimate server.
“Cybercriminals often create new email addresses for phishing scams,” ESET says. “Hover over the sender’s email address and make sure it matches other emails you’ve received from that person or company and doesn’t contain any additional numbers or letters. For example, johnsmith@telstra[.]com is more legitimate than johnsmith24@telstra[.]com or johnsmith@telstra24[.]com. While some companies do use varied domains or third-party providers to send emails, that’s the exception — not the rule. So, be wary of any emails with unusual addresses.”
Finally, while some phishing emails will have perfect spelling and grammar, typos and awkward writing are major red flags.
“Poorly written or grammatically incorrect emails are a dead giveaway of a scam,” ESET writes. “If you spot typos or mistakes in the subject line, don’t open the email because it could be a phishing scam. And if you read an email and it’s riddled with mistakes or odd turns of phrase, that points to a potential scam. Emails from legitimate companies are often crafted by professional writers and edited for spelling and syntax. Interestingly, many cybersecurity professionals believe that hackers write ‘bad’ emails on purpose to hook the most gullible targets.”
Phishing emails can target anyone, and attackers only need to fool one employee to gain a foothold within your network. New-school security awareness training with simulated phishing tests can help your employees recognize these attacks.