Phishing is a type of online scam where hackers send an email that appears to be from a legitimate and trusted sender, tempting you to provide sensitive information, click on a malicious link or download a malware-infected file. Falling for their traps can put you on the hook for some major security damage.
To help you protect yourself from phishing scams, here is a sample phishing email with clues on how you can identify one by looking at its content:
Sense of Urgency
Hackers like to instil fear, anxiety and urgency to trick you into making impulsive reactions. If the email or subject contains words that create urgency, or comes with exclamation marks, it is most likely a spam mail.
Spoof/Fake email address
When receiving any email, even if it looks like it is from your regular sender, do look out for the sender name, domain and email address. Scammers could fake a domain or email by slightly changing their spelling, e.g. email@example.com to firstname.lastname@example.org.
A brand will never risk making a bad impression with spelling errors. That said, if you receive an email that contains more than two or three grammatical mistakes, or if it is poorly written, it is possibly a spam mail.
Scare tactics/Existing Offers
Beware of emails offering rewards, cash prizes, etc., and those that attempt to threaten you, such as telling you to click on a link or your email account will be terminated. These are all spam mails, designed to tempt you into clicking a button or link in the email, which could lead you to phishing sites that harvest your personal information.
Hover over shows malicious link
If an email contains links, hover your mouse over the link (without clicking) to see the full URL. If it does not match the context, it is probably a malicious link. Beware of slight alterations to URLs that you visit frequently, too. For example, http://companyabcsite.com might appear as http://companyabsite.com.
Request for personal or sensitive information
A legitimate company or bank will never ask you for personal and sensitive information – such as identification number, username and password – over email. If you receive any email that asks for this information, no matter how genuine it seems, send it to the trash right away.
Never open or download an attachment from an email unless you know what it is. If you happen to know the sender and choose to download the attachment, it is good practice to always scan it using antivirus software. If you have doubts, contact the sender to verify if the attachment is genuine.
If you detect a suspicious email, it is best to remove it immediately from your mailbox. Never respond to it. If you need clarification, you can always consult your email service provider for further assistance.