User Tools

Site Tools


faq:security:how-to-identify-phishing-mail

How to Identify Phishing Mails?

Hackers are constantly looking for ways to trick people into believing their junk emails are legitimate, hoping that you will fall for their phishing attacks that will either infect your machine with malware, steal your private information or have you make payment to them unknowingly, or unwillingly.

To protect yourself and your company from becoming a victim of phishing scams, follow these 6 ways to detect a spam out of your everyday electronic mails.

1. Sense of urgency

Hackers like to instil fear, anxiety and urgency to trick you into making impulsive reactions. If the email or subject contains words that create urgency, or comes with exclamation marks, it is most likely a spam mail.

2. Spoof or fake email address

When receiving any email, even if it looks like it is from your regular sender, do look out for the sender name, domain and email address. Scammers could fake a domain or email by slightly changing their spelling, e.g. jameswonder@somecompany.com to jameswander@smecompany.com.

3. Poor grammar

A brand will never risk making a bad impression with spelling errors. That said, if you receive an email that contains more than two or three grammatical mistakes, or if it is poorly written, it is possibly a spam mail.

4. Scare tactics/Existing Offers

Beware of emails offering rewards, cash prizes, etc, and those that attempt to threaten you, such as asking you to click on a link or your email account would be terminated. These are all spam mails, designed to tempt you into clicking a button or link in the email, which could lead you to phishing sites, tapping your personal information.

If an email contains links, hover your mouse over the link (without clicking) to see the full URL. If it does not match the context, it is probably a malicious link. Beware of slight alterations to URLS that you visit frequently, too. For example, http://companyabcsite.com might appear as http://companyabsite.com.

6. Request for personal or sensitive information

A legitimate company and bank will never ask you for personal and sensitive information – such as identification number, username and password – over email. If you receive any email that requires these information, no matter how genuine it seems, send it to the trash right away.

7. Suspicious attachment

Never open or download an attachment from an email unless you know what they are. If you happen to know the sender and choose to download the attachment, it is a good practice to always scan it using antivirus software. If you have doubts, contact the sender to verify if the attachment is genuine.

If you detect a suspicious email, it is best to remove it immediately from your mailbox. Never respond to it. If you need further assistance, please contact us at support@afteroffice.com.

faq/security/how-to-identify-phishing-mail.txt · Last modified: 2020/07/22 10:35 by vikki