There’s Something Phishy Going On

I have warned about phishers before, but you can never stress enough the need to be cautious. Phishing attempts are becoming more sophisticated and targeted, and with 97% of people unable to identify a phishing email, your business may be at risk.

Our CEO received this phishy email below yesterday – but how did he know it was fake? Let’s take a look at the images below and go over some tips for spotting a phishing email.

Mismatched URL Phishing Example

How to Spot a Phishing Email

Some phishing emails are so sophisticated that it’s hard to tell what’s real or fake these days. Here are a few tips to help you spot them:

  • The message contains a mismatched URL (the example above)
    • Hover your mouse over the URL to view the actual hyperlinked address (second image above). If the hyperlinked address is different from the one that is displayed, the email is most likely a phishing attempt.
  • URLs have a misleading domain name
    • Check the last part of a domain name – it is the most telling. For example, the domain name info.applehats.com is a child domain of applehats.com because applehats.com appears at the end of the domain name, on the right-hand side. Conversely, applehats.com.maliciousdomain.com could not have come from applehats.com because the reference to applehats.com is on the left side of the domain name.
  • The message has spelling and grammar mistakes
    • When a large company sends out a message, the whole message is reviewed for errors first. If a message has poor spelling and grammar, it probably didn’t come from a department within a major company.
  • The message requests that you enter personal information
    • Never. Do. This. No matter how legitimate a message appears, a reputable company never sends an email asking for your account information, passwords, or answers to security questions.
  • The offer seems too good to be true
    • If it seems that way, it most likely is. Watch out for emails from people you don’t know making these hard-to-believe promises. It’s a scam.
  • Email message contains a threat
    • On the other side of making big promises, you have phishing scams that try to scare victims into giving up personal information. I give you a personal example of this – yes, it happened to me.
  • You’re asked to send money via email
    • No one should ever ask you to cover expenses or send money via email. If they do, it is probably a scam. Members of TA were targets for this type of phishing attempt last month – see CEO Phishing – Don’t Take the Bait.
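
The first two tips can be checked mechanically. The sketch below is an added example, not part of the original post: it pulls every link out of an HTML email body, compares the displayed URL with the real target, and matches the target host against an expected sender domain from the right-hand side. The function names, the sample message and the expected_domain parameter are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body; the domains are the ones used in the tips above.
SAMPLE = (
    '<a href="https://info.applehats.com/news">https://info.applehats.com/news</a>'
    '<a href="http://applehats.com.maliciousdomain.com/login">https://www.applehats.com/login</a>'
    '<a href="http://applehats.com.maliciousdomain.com/reset">Reset your password</a>'
    '<a href="https://notapplehats.com/">Our store</a>'
)

def host_of(text):
    """Hostname of a URL-like string, or None if the text is not a URL."""
    url = text.strip() if "://" in text else "http://" + text.strip()
    try:
        host = None if " " in url else urlparse(url).hostname
    except ValueError:  # malformed input such as an unbalanced "["
        return None
    return host.rstrip(".") if host and "." in host else None

def belongs_to(host, domain):
    """Match from the right, on a label boundary: the domain itself or a child."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def audit(html, expected_domain):
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for shown, href in collector.links:
        real, shown_host = host_of(href), host_of(shown)
        if real and shown_host and shown_host != real:
            findings.append((href, "mismatched-url"))      # tip 1
        elif real and not belongs_to(real, expected_domain):
            findings.append((href, "misleading-domain"))   # tip 2
    return findings
```

The last sample link shows why the comparison includes the leading dot: notapplehats.com ends with the text applehats.com but is an unrelated domain.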

If Something Smells Phishy….

…there’s probably a good reason why. If you receive an email that seems suspicious, it’s usually in your best interest to avoid acting on the message. If a legitimate person needs to get in touch with you, they will find another way.
