Email phishing poses a huge threat to both individuals and organizations who heavily rely on email for communication. It is one of the methods cybercriminals use to commit wire fraud and pilfer sensitive information from unsuspecting victims.
Incredibly, phishing attempts are so prevalent that Google reports blocking a staggering 100 million phishing emails every day. In fact, nearly 1.2% of all emails sent are malicious, which, if you do the math, amounts to 3.4 billion fraudulent emails daily.
With this digital phishing scheme, almost anyone is a target, regardless of how tech-savvy they are. Take, for example, the Nordea bank incident, dubbed the “biggest online bank heist” by security giant McAfee. In this attack, hackers sent spam emails to bank customers, each containing the “haxdoor” Trojan disguised as anti-spam software. The Trojan featured a keylogger, which, upon installation, captured the victims’ login credentials when entered on a fake bank website they were redirected to.
This single act resulted in significant losses, with victims—including those with enough technical know-how to spot a scam—losing over 7 million kronor. It is, therefore, imperative to understand that no one is completely immune to this vicious cybercrime, so you need to know at least a few common red flags that indicate a potential email scam.
Mismatched URLs, Domain Names & Email Addresses
If you pay careful attention to URLs, domain names, and email addresses, it’ll be practically impossible for hackers to pose as your bank, subscription service provider, or any other entity in need of sensitive information, unless they spoof these identifiers. The most skilled of these cybercriminals can imitate, for instance, a valid URL by using Unicode characters that look identical to regular ASCII ones.
Other than that, you’ll mostly come across URLs with replaced characters. In the same vein, domain names and email addresses of phishing emails may be slightly different from what you’d expect. For example, the address may end with “@gmail.com” instead of “@companydomain.com.” Misspellings in domain names aren’t unheard of either: Netflix.com could actually be Neftlix.com, and you won’t notice a thing if you aren’t careful.
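The three mismatches described above (a Unicode look-alike, a misspelled domain, and a free-mail address posing as a company) can be checked mechanically. The sketch below is an added example, not part of the original article; the trusted list, the free-mail list, the small look-alike table and the sample headers are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the recipient really deals with ("companydomain.com" is the page's placeholder).
TRUSTED = {"netflix.com", "companydomain.com"}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com"}
# Tiny constructed subset of Cyrillic look-alikes; real tooling uses the Unicode UTS #39 confusables data.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0456": "i"}

def skeleton(domain):
    """Replace known look-alike characters with the ASCII letter they imitate."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in domain)

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_sender(from_header):
    """Return (verdict, trusted domain being imitated or None) for a From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED:
        return ("trusted", domain)
    if not domain.isascii():  # Unicode in the domain: compare its ASCII skeleton
        skel = skeleton(domain)
        return ("unicode-homograph", skel) if skel in TRUSTED else ("non-ascii-domain", None)
    for good in sorted(TRUSTED):
        if osa_distance(domain, good) <= 2:  # e.g. neftlix.com vs netflix.com
            return ("typo-lookalike", good)
    brands = [g for g in sorted(TRUSTED) if g.split(".")[0] in name.lower()]
    if domain in FREEMAIL and brands:  # brand in display name, free-mail address
        return ("freemail-impersonation", brands[0])
    return ("unknown", None)

# Constructed sample headers, not taken from real mail.
SAMPLES = ["Netflix <info@netflix.com>", "Netflix <billing@neftlix.com>",
           "Netflix <billing@n\u0435tflix.com>", "CompanyDomain IT <helpdesk@gmail.com>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header.encode("unicode_escape").decode(), "->", check_sender(header))
```

An "unknown" verdict only means the domain resembles nothing on the trusted list; it is not a statement that the sender is safe.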
Spelling and Grammar Errors
While malicious URLs, domain names, and email addresses are intentionally modified by clever but devious minds to imitate legitimate sources, the same can’t be said about poorly constructed emails. Most phishing emails, especially from countries where English isn’t a native or official language, usually contain a bunch of spelling errors, typos, and grammar mistakes.
Those are tell-tale signs that you shouldn’t ignore, as they quickly give away malicious intent. While mistakes do happen, scammers will most likely not spot or correct all errors that may expose them. Only a handful of them take the time to proofread and refine the dozens of emails they write daily before sending them.
Generic Tones or Greetings
A professional email will always have a personalized tone to it, with the sender mentioning the recipient’s full name in the greeting or a previously used username or account number, if applicable. Scammers, on the other hand, will use generic greetings like “Dear Sir/Madam” or “Hello, User.” If a “legit” company writes to you in this manner, it’s often a sign of a mass mailing, which doesn’t instantly imply phishing but is an indicator that the sender may not have your best interest at heart.
Scammers often use this lack of personalization to reach as many unsuspecting victims as possible. This is similar to sending a generic cover letter to hundreds of companies while applying for a job. It saves time and energy but lacks the effect of a personalized message, as a scammer has to consider every recipient as a potential victim.
Unknown Senders
This is quite straightforward. If you don’t recognize the sender of the email, that’s a red flag. Most phishing emails come from unknown senders who have no connection to you whatsoever. These emails might have subject lines that try to convince you that you know the sender, like “Remember me?”, “Re: Follow up on your query,” or “Hey man, check this out.”
In some cases, you might receive emails from known senders whose accounts have been compromised. However, when you read the content, you can sense that something is off, especially if it’s filled with errors, asks for personal information or payment to an unfamiliar account, or requires you to download an unusual file.
Threats or a Sense of Urgency
Another obvious but sometimes overlooked sign of a phishing email is when it contains threats, warnings, or a sense of urgency. These can be as outright as “You have 48 hours to verify your account details, otherwise your account will be closed” or “Please update your information here to ensure uninterrupted service.” Such emails trick recipients into acting hastily without taking time to analyze the situation.
How to Avoid Falling Victim to Email Fraud
As much as it’s important to understand the common signs of email fraud, you also need to know what preventive measures to take to protect yourself from it. Here are ways to do so:
Verify the Sender’s Identity
Always take a few minutes to verify the sender’s identity using Nuwber if you’re not sure who it is. Simply type in the email address you’re contacted from and wait for the results. You’ll find the person’s full name, age, location, and even criminal records if they have any, which will help you understand if they can be trusted.
Be Skeptical of Links
Hover over links in emails to preview the URL before clicking. Ensure it matches the expected website. If in doubt, visit the site directly by typing the address in the address bar.
Keep Your Software Updated
Regularly update your operating system, antivirus software, and other applications. This helps patch vulnerabilities that scammers may exploit.
Turn on Two-Factor Authentication (2FA)
Enable 2FA wherever possible to protect your email account from hackers and other malicious actors.
Use a Reputable Email Service
Choose a reliable email service provider like Gmail or Yahoo Mail with strong security features that can help filter out potential phishing emails.
There is no limit to how creative cybercriminals can be when it comes to email fraud, and anyone can fall victim to it. That said, knowledge is power, and understanding the common signs and implementing the suggested preventive measures will go a long way in keeping you and your information safe.