{"id":26725,"date":"2023-04-17T16:57:46","date_gmt":"2023-04-17T08:57:46","guid":{"rendered":"https:\/\/www.exabytes.sg\/blog\/?p=26725"},"modified":"2023-06-22T10:30:07","modified_gmt":"2023-06-22T02:30:07","slug":"dont-fall-for-phishing-scam-emails","status":"publish","type":"post","link":"https:\/\/www.exabytes.sg\/blog\/dont-fall-for-phishing-scam-emails\/","title":{"rendered":"Don’t Fall for Phishing Scam Emails: Learn to Spot and Avoid Phishing Attempts\u00a0"},"content":{"rendered":"

\"Phishing<\/p>\n

Phishing emails<\/a> are deceptive attempts to acquire sensitive information, such as passwords and credit card numbers. They appear to be from a reputable company, but they are actually from scammers attempting to deceive you. <\/span><\/p>\n

If you fall victim to a phishing scam<\/a>, the scammers can use your information to make fraudulent purchases, steal your identity, and more. <\/span><\/p>\n

Fortunately, there are methods to recognise and avoid phishing attempts. Keep reading to learn how to avoid these scammers.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n

What is a Phish?<\/b>\u00a0\u00a0\u00a0<\/span><\/h2>\n

Understanding what a phishing email is is the first step to recognise one. The definition of a phishing email is an email sent with the ill intent of convincing the recipient to perform a specific action. <\/span><\/p>\n

The perpetrator may employ social engineering techniques to make their email appear authentic and request sensitive information such as login credentials and passwords.\u00a0\u00a0<\/span><\/p>\n

Socially Engineered Phishing Emails<\/b><\/h3>\n

Phishing emails with social engineering are the most dangerous. They are designed to be relevant to their objectives and appear authentic. The recipient is more receptive to the email and completes the specific task requested. <\/span><\/p>\n

The outcomes may be catastrophic. If the recipient visits a malware-infected website, opens an attachment with a malicious payload, or discloses their login credentials, a scammer can gain unauthorised access to a corporate network.<\/span><\/p>\n

How to Identify Phishing Emails<\/b><\/h2>\n

Oftentimes, phishing emails share common characteristics; they are frequently designed to elicit emotions such as curiosity, sympathy, dread, and greed. <\/span><\/p>\n

If a team is informed of these characteristics and instructed on what to do when a threat is suspected, the time invested in training a team to recognise phishing emails can thwart a scammer’s attacks and network infiltration.<\/span><\/p>\n

Knowing how to identify phishing emails will prevent you from becoming a victim.\u00a0\u00a0<\/span><\/p>\n

1. Emails Demanding Immediate Action<\/b><\/h3>\n

Emails that threaten a negative consequence or opportunity loss unless immediate action is taken are frequently fraudulent. <\/span><\/p>\n

This is a common tactic employed by scammers to induce recipients to act before they have had the opportunity to examine the email for potential defects or inconsistencies.<\/span><\/p>\n

2. Emails with a Strange Greeting or Salutation<\/b><\/h3>\n

Emails sent between coworkers typically contain an informal greeting. Those that begin with “Dear” or contain phrases not typically used in informal conversation are likely from sources unfamiliar with the way of office interaction used by your company, and you should be suspicious of them.<\/span><\/p>\n

3. Suspicious Attachments<\/b><\/h3>\n

The majority of work-related file sharing now occurs through collaboration platforms like Dropbox, OneDrive, etc. <\/span><\/p>\n

Internal emails with attachments should always be viewed with suspicion, particularly if they have an unfamiliar extension or one commonly associated with malware (.exe, .zip, etc.).<\/span><\/p>\n

4. Emails that ask for payment details, login credentials or other sensitive data<\/b><\/h3>\n

Emails originating from an unexpected or unfamiliar sender that request login credentials, payment information, or other sensitive data should be treated with extreme caution at all times. <\/span><\/p>\n

Targeted phishers are able to forge login pages that resemble the real thing and send an email containing a link to the fake page. <\/span><\/p>\n

Whenever a recipient is redirected to a login page or informed that a payment is due, they should not enter any information unless they are 100 percent certain that the email is genuine. <\/span><\/p>\n

5. Inconsistency in Email Addresses, Domain Names and Links\u00a0<\/b><\/h3>\n

Finding inconsistencies in email addresses, URLs, and domain names is another method for identifying phishing. Does the email originate from a frequently-corresponded-with organisation? <\/span><\/p>\n

If so, compare the sender’s address to previous emails sent by the same company. Examine whether a link is valid by hovering the mouse pointer over it and observing what appears.<\/span><\/p>\n

If an email claims to be from (for example) Microsoft but the domain name is different, it is a red flag. <\/span><\/p>\n

6. Emails that are too good to be true\u00a0<\/b><\/h3>\n

Emails that are too good to be true are those that encourage the recipient to click on a link or open an attachment by promising a reward of some kind. <\/span><\/p>\n

If the sender is unknown or the recipient did not initiate contact, it is likely that this email is phishing-related.<\/span><\/p>\n

Examples of these emails are those with email subjects, such as:\u00a0<\/span><\/p>\n