Email-based cyberattacks can have disastrous effects on businesses, leading to loss of data, financial damage and a decline in customer trust. Small businesses especially are vulnerable to attacks on email because they often lack the necessary security, and small-business owners may believe their companies are too small to be a target.
A phishing email is an email sent to a recipient with the objective of making the recipient perform a specific task, such as clicking a link or opening an attachment, which can give the attacker access to information. Cofense offers the following common characteristics of phishing emails that should raise suspicions.
- Emails demanding urgent action. Phishing emails threaten a negative consequence unless urgent action is taken; attackers use this approach to rush recipients to act before they study the email for potential risks.
- Emails with bad grammar and spelling mistakes. Many companies apply spellchecking tools to outgoing emails by default to ensure their emails are grammatically correct.
- Emails with an unfamiliar greeting. Emails exchanged between co-workers typically have informal greetings. Those that start with “Dear” or contain phrases not usually used in informal conversation are from sources unfamiliar with your company’s style of office interaction.
- Inconsistencies in email addresses, links and domain names. Does the email originate from an organization you correspond with often? If so, check the sender’s address against previous emails from the same organization. Determine whether a link is legitimate by hovering over the link to see whether the domain name matches the company sending the email.
- Suspicious attachments. Most workplaces now use collaboration tools such as SharePoint, OneDrive or Dropbox to share files. Therefore, internal emails with attachments always should be treated as suspicious.
- Emails requesting login credentials, payment information or sensitive data. Spear phishers can forge login pages to look like the real thing and send an email containing a link that directs the recipient to the fake page. Do not input any information unless you are 100% certain the email is legitimate.
- Emails that are too good to be true. These emails incentivize the recipient to click on a link or open an attachment by stating there will be a reward. If the sender of the email is unfamiliar or you did not initiate the contact, this likely is a phishing email.
