The first quarter of 2016 witnessed a dramatic rise in phishing emails with malicious attachments. By the end of 2015, the number of phishing scams had begun to grow. By the end of Q1 2016, this growth took a sharp upturn. In an alert issued on April 4th this year, the FBI warned about the dramatic increase in business email scams. These so-called “CEO Scams” are emails sent from an identity that poses as the CEO, a company attorney or a trusted vendor. According to this alert, the average loss per scam is more than $25,000, to say the least. With over 79 countries along with the U.S. filing complaints of phishing emails, it is important to get acquainted with tips to avoid such scams.
Defence Mechanism for Companies
The best way for companies to avoid phishing attacks is to block malicious emails with DMARC (Domain-based Message Authentication, Reporting and Conformance) standards, implemented through proper DMARC records. These emails are blocked even before they reach the inboxes of the companies' users. Given the growing number of threats, brands must also join hands with a vendor capable of providing email threat intelligence data. Such data gives brands details about attacks that go beyond DMARC, for instance, scams that stain a brand by using domains outside the company’s control.
Despite so many efforts, some phishing emails do end up in users’ inboxes. These messages are so compelling and convincing that over 97 percent of users agree to have believed them. These days, phishing emails are also so sophisticated that they eliminate any chance of suspicion.
11 Tips to Identify Phishing Emails
This means the need of the hour is to educate users about the small details that can save them from falling for a phishing email. Here are eleven tips that can come in handy for everyone.
#1. The display name can be fake
One of the things fraudsters most like to fake is the display name of an email. Research has revealed that most phishing emails spoof the brand in the display name. For instance, suppose a fraudster wants to spoof a bank. Let’s assume the bank name to be “my bank”. The email will look something like this:
Now, the “secure.com” domain is not owned by My Bank. Although My Bank has set the DMARC policy to reject emails that fail to authenticate, this email will not get blocked, because DMARC checks the domain in the sender's address, which here is secure.com and not a domain My Bank controls. When this email reaches the user’s inbox, it will be difficult for the user to identify it as a scam. This is because you only see the display name in your inbox.
Display names can be fake. It is important to check the email address in the ‘From’ header. If the email looks suspicious, ignore or delete it ASAP.
#2. Check before you click
Before you click on an in-mail link, hover your mouse over it. See if the link looks suspicious. You can also test the link. Just open a new tab and type out the website address. You will know whether this is malicious or not immediately.
High alert advice: Do not click on links that look suspicious.
#3. Spelling mistakes are unforgivable!
No brand will risk its impression with spelling errors. Spelling and grammar errors are a strong pointer to a scam email. The main point is that a brand will never make such mistakes. So, if you see a spelling error or the grammar feels odd, report it immediately.
#4. Addressed to “Valued Customer”? Avoid
Personalisation is being taken very seriously by brands. Every brand is trying to incorporate personalisation into its email campaigns to connect better with its users. If your email is addressed to a “Valued Customer” rather than to you by name, you know it’s a scam.
#5. Refrain from sharing personal details
Legitimate brands and banks will never ask for your personal information. Put any email that requires you to reply with sensitive personal information into the trash ASAP.
#6. “Urgent” emails are a threat
Why would a brand try to scare you? A brand will always be humble! That’s how customer support works. So, if you see an email with a subject line that invokes a sense of urgency or fear, beware.
#7. Look out for the signature
Legitimate brands will always include their name or contact details. They would always want their users to communicate with them. If you see no signature or a weird signature, then it is a phish.
#8. Review before you click on attachments
Phishing emails mostly carry malicious attachments that contain viruses and malware. These can damage your computer, get access to your passwords or spy on your web activities without your knowledge. Do not open attachments that you know nothing about or were not expecting to receive.
#9. Email domains can be spoofed too!
Not just display names, but also the email domains can be spoofed. Fraudsters manipulate email domains. So, you need to be extra careful.
For example, if you have an account with PayPal and you receive an email from an address of the format @payypal.com about a reset of your password, you must check the sender's domain name before you take any action.
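The checks from tip #1 (display name versus sender address) and tip #9 (lookalike domains) can be automated. The Python sketch below is an added example, not part of the original article; the brand allow-list, the `mybank.example` domain and the sample `From` headers are constructed for illustration.

```python
from email.utils import parseaddr

# Hypothetical allow-list: brand name -> domains that brand really sends from.
BRAND_DOMAINS = {"my bank": {"mybank.example"}, "paypal": {"paypal.com"}}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_from(header, max_distance=2):
    """Return (kind, detail) findings for one From header value."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if domain in domains:
            continue  # really sent from this brand's own domain
        # Tip #1: the display name claims a brand the address does not belong to.
        if brand in name.lower():
            findings.append(("display-name-spoof",
                             f"name says '{brand}' but domain is {domain}"))
        # Tip #9: the domain is a near miss of a legitimate one.
        for legit in sorted(domains):
            if edit_distance(domain, legit) <= max_distance:
                findings.append(("lookalike-domain",
                                 f"{domain} imitates {legit}"))
    return findings

# Constructed sample headers.
SAMPLES = ['"My Bank" <accounts@secure.com>',
           "PayPal <service@payypal.com>",
           "PayPal <service@paypal.com>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no findings")
```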
#10. Everything you see is not real
Phishing is not that easy to detect. Fraudsters are pretty good at camouflaging their manipulations. The email address may seem valid, and the display name might look real, but they may not be legitimate. Having a sceptical approach to unknown emails is safe. Many a time, fraud / phishing emails appear to be sent from government organizations, non-profits and well-known company brands or persons.
#11. Browse the Internet from Anti-phishing Enabled Browser
Last but not least, you must browse the internet and open any links from emails in browsers that have built-in protection to alert you about phishing emails and links. These safe browsers include Google Chrome, Internet Explorer, Mozilla Firefox and Safari.
How Do Phishing Emails Impact Email Marketing?
Due to the implications of DMARC standards, mailbox providers have also started to implement this format for their mailbox users and have begun showing information about whether the From domain of a received email is authenticated. So, going forward, email marketers should also lay emphasis on implementing DMARC standards on their sending domain names. Further, marketers should also check with their respective email service providers to encourage the use of the DMARC standard in sent emails.
Following the DMARC standard correctly on email sending domains increases the probability of the email landing in the subscriber's inbox.
If you get an email that looks remotely suspicious, ditch it immediately and feel free to mark those suspicious emails as spam. Better safe than sorry!