In today's digital world, email is a primary means of communication for both personal and professional purposes. But with the increasing convenience comes an alarming rate of cyber threats, and one of the most prevalent is phishing. These deceptive emails lure you into revealing sensitive information such as passwords, credit card numbers, or Social Security numbers. So how can you recognize and avoid falling prey to phishing emails? Let's dive in.

What is Phishing?

Phishing is a cybercrime where scammers pose as legitimate institutions in an attempt to trick you into revealing personal information. Typically, these are emails that appear to come from trustworthy sources like your bank, a government agency, or even a familiar retailer.

Red Flags in Phishing Emails

Misspelled Domains or Email Addresses

Always look at the domain name of the sender. Phishers often use slight misspellings or extra characters to make their email address seem genuine, for example 'info@amazzon.com' instead of 'info@amazon.com'.

Urgent or Threatening Language

Phishing emails often create a sense of urgency or panic to prompt quick action without thinking. Phrases like "Your account will be suspended," or "Immediate action required," are red flags.

Hyperlinks and Attachments

Be cautious with emails that ask you to click on a link or download an attachment, especially if you did not expect to receive them. Hover your cursor over the hyperlink to see the destination URL. If it looks suspicious, do not click it.

Generic Greetings

Most legitimate businesses will address you by your full name. Phishing emails commonly use vague greetings like “Dear Customer” or “Account Holder.”

Unusual Sender

Sometimes phishing emails will come from addresses that you recognise but that the entity does not typically use for communication. Always double-check the sender's email address.
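The red flags above can also be checked automatically, for instance by a mail filter or a triage script. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the edit-distance threshold of 2 and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list of domains the reader really deals with (constructed).
TRUSTED_DOMAINS = ("amazon.com", "paypal.com")
URGENT_PHRASES = ("your account will be suspended", "immediate action required")
GENERIC_GREETINGS = ("dear customer", "account holder")
# Captures the host in href and the host shown as the visible link text.
LINK_RE = re.compile(
    r'<a\s+href="https?://([^/"]+)[^"]*"\s*>\s*(?:https?://)?([\w.-]+\.[a-z]{2,})',
    re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_email: str) -> list:
    """Return the article's red flags that a single-part message triggers."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text = body.lower()
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        # Close to a trusted domain but not equal to it: likely a lookalike.
        for good in TRUSTED_DOMAINS:
            if edit_distance(domain, good) <= 2:
                flags.append(f"lookalike sender domain: {domain} vs {good}")
    if any(p in text for p in URGENT_PHRASES):
        flags.append("urgent or threatening language")
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    # Same check as hovering: does the visible host equal the real target?
    for href_host, shown_host in LINK_RE.findall(body):
        if href_host.lower() != shown_host.lower():
            flags.append(f"link text {shown_host} points to {href_host}")
    return flags

# Constructed sample message, not a real phishing email.
SAMPLE = """From: Amazon <info@amazzon.com>
Subject: Immediate action required

Dear Customer, your account will be suspended.
<a href="http://login.example.net/verify">www.amazon.com</a>
"""
```

Calling `red_flags(SAMPLE)` reports all four flags. A message with none of these flags can still be phishing, so the verification steps below still apply.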

Steps to Verify

Contact the Company Directly

If you're unsure about an email, contact the company directly using verified methods such as their official website or customer service number.

Check for Previous Correspondence

Look at past emails from the institution and compare them to the questionable one. Check for consistency in branding, tone, and type of information requested.

Use Web Search

Sometimes a quick search in a trusted search engine for the email subject line or a sentence from the body can reveal whether it is part of a known phishing campaign.

What to Do If You've Been Phished

Change Passwords

If you clicked on a phishing link and provided sensitive information, change all your passwords immediately. Make sure to update passwords for sites that share login information with the compromised account.

Monitor Financial Accounts

Check your bank and credit card statements for unauthorised transactions and report any discrepancies right away. Consider signing up for a credit report from a credit reference agency so that you can monitor whether anyone has taken, or attempted to take, credit in your name.

Report It

Forward phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. You can also report phishing to the Federal Trade Commission (FTC) at ftc.gov/complaint.

Use Two-Factor Authentication

As an added layer of security, use two-factor authentication (2FA) wherever possible. This can prevent unauthorised access even if your password gets compromised.

Phishing is a growing threat in the digital landscape, but you can protect yourself by being vigilant. Learning to recognize the signs of phishing emails is the first step in ensuring that you don't get hooked. Teach these practices to family and friends—especially those less tech-savvy—to make the digital community a safer place for everyone. Remember, when it comes to phishing, it's always better to be skeptical than regretful.
Michael Wills