83% of surveyed organizations experienced a successful email-based phishing attack in 2021, which is a 47% increase over the prior year. Also, business email compromise (BEC) increased by 18%, and targeted spear-phishing attacks jumped 66% last year.
Phishing attacks have become more sophisticated and harder to identify, this has many people paranoid. So much, in fact, that they’re not looking at the signs for how to identify a phishing email or phishing via other methods, like SMS.
Not taking the time to pause and check the basics of a message before reacting has helped fuel the rise in successful phishing attacks.
We’ll go through some best practices below on how to spot phishing via email and text message.
How to Spot Email Phishing
Look for Mistakes in the Sender’s Email Address
Look for any slight spelling errors in the sender’s email address. Phishing scammers will often use look-a-like domain names to fool people into thinking the message is legitimate.
For example, they might use: [email protected] (missing the “a” in foundation) because they can buy that domain, and if people aren’t paying attention, they won’t notice the difference.
Look for the Use of Subdomains in the Sender’s Email Address
Another trick that phishing attackers use to fool people is to create a subdomain with a well-known company’s name in it.
An example of a subdomain is where you see a “.” (dot) in the middle of the address, such as “emcom.bankofamerica.com.” This is not a legitimate address for Bank of America. The bank does not use “emcom” in its real domain name. But most people will be fooled by this anyhow.
Do a Search on Questionable Emails
All it takes is one Google search to see that the “emcom.” address is a fake.
Take a few seconds to search any message sender’s email address that uses a subdomain to see if it’s a known scam.
Hover Over Links Before You Click Them
Links are used more often in phishing emails these days than attachments because they can easily be hidden. They also don’t technically contain malware, so they get past antivirus scanning. But they lead to sites that either infect a device with malware or lead to a fake form designed to capture personal details like credit card information or passwords.
Hovering over a link without clicking on it can quickly reveal a phishing scam.
Look for Spelling & Grammatical Error
While they may be harder to spot in today’s more sophisticated phishing emails, you can still find spelling and grammatical errors if you take the time to really look for them carefully.
They could be hidden in the signature or just be difficult to see at first. For example, if you look at the phishing email image above that pretends to be from Amazon, you can see a spelling error in the second sentence. It says, “We confirmation that your item has shipped.” This should actually say, “We confirm that your item has shipped.”
How to Spot SMS Phishing (aka “smishing”)
Phishing by SMS is on a startling rise. Making this an important attack type to watch out for. During the first six months of 2021, SMS phishing attacks increased by nearly 700%.
Here are some ways to spot them.
Sender Isn’t Identified
If you receive a text where the sender is not clearly identified, this is a sign that the text message is phishing. For example, one recent smishing scam entailed a text message that simply said, “Thank you for your recent payment. Here is a free gift for you.” This message was followed by a link.
The sender was not identified in this scam text message.
Look for any Wrong Information or Errors
Another recent scam happened to a neighborhood that had just had new AT&T fiber cables installed. Many of the neighbors signed up for the new service. Some of them also received strange text messages pretending to be from AT&T to schedule their installation and that were asking for personal information.
One savvy neighbor noticed that some of the details on the message were wrong (such as his address) and that the SMS was asking for information the company should have already had.
You Aren’t Expecting the Message
If you receive an SMS that you aren’t expected or that purports to be from a retailer that you don’t do business with, these are signs that the SMS is a fake and is designed to lure you to a phishing site.
Additionally, watch out for SMS scams that state a package can’t be delivered to you without more details. This is another ploy scammers use to get you to give them personal information that can be used for identity theft.
Is Your Team Well-Trained on How to Identify Phishing?
Quarterly employee awareness training significantly increases staff’s ability to detect and avoid phishing scams. Data First Solutions can help your Toronto area businesses put an effective security training plan in place.
Contact us today to book a free assessment. Call 416-412-0576 or book your assessment online.