Below are 8 red flags to watch for if (and when) you receive a suspicious email. Keep this quick checklist handy at your desk; you never know when bait will hit your email inbox.
1. CHECK THE “FROM” EMAIL ADDRESS FOR SIGNS OF FRAUDULENCE
Make sure to cross-check the email domain on any suspicious email. This is the name after the @ symbol in the email address. It should match the name and company of the attempted sender (be on the lookout for minor misspellings!). If you are unsure, try looking up the company’s email domain through a search engine.
2. WATCH FOR MISSPELLINGS AND INCORRECT GRAMMAR
Hackers and scammers tend to use online translation machines that don’t return perfect grammar or spelling, making misspellings and incorrect grammar common characteristics of phishing emails. Take a quick look through every email you receive for these kinds of identifiers.
3. BE SUSPICIOUS OF HYPERLINKS
If you receive an unexpected email, it is best practice to check all the hyperlinks before clicking on them. Occasionally, both the sender and the body of the email can appear legitimate, but the phish is hidden in the links. Hover over each link and check whether the URL leads to the website you would expect based on the sender. For example, if you receive an email from Bank of America, the hyperlinks should bring you to bankofamerica.com.
4. BE CAREFUL WITH ALL ATTACHMENTS — AND DO NOT OPEN QUESTIONABLE ONES
This might be the most important rule – do NOT open any attachments until you are 100% sure the sender is legitimate. If the email is indeed a phishing attack, the attachment will contain malware that your computer is exposed to the second the document is opened. It doesn’t hurt to check with your IT team, or to contact the sender through an alternative channel and ask them to verify the attachment.
5. BE SKEPTICAL OF URGENCY — IT’S A COMMON CHARACTERISTIC OF PHISHING
Rewards and scare tactics are two common phishing approaches that create a sense of urgency to get you to click faster. A few examples include offering a monetary reward or demanding account reactivation as soon as possible. Or, by imitating your boss’s email address, a phisher can use their authority to scare you into opening a harmful attachment. Either way, pause before clicking on these “urgent” emails.
6. PROTECT YOUR PERSONAL INFORMATION
Legitimate companies will never ask for sensitive or personal information over email. If any credit card information, social security number, etc., is requested, do not provide it. If you need validation, try calling the company’s customer support number to confirm whether the request is legitimate. And be sure to look up the phone number yourself, rather than calling any phone numbers found in the email you received.
7. CONSIDER THE TIME & DATE
View with caution any emails that land in your inbox outside of business hours. Since phishers may be working in a different time zone than you, their bait could hit your inbox in the middle of the night. This small detail, paired with any other red flags on this checklist, could help you spot a phishing attempt.
8. TRUST YOUR GUT FEELING
Trust your intuition more than anything. As humans, we are good at picking up deviations from normal patterns in our daily life, especially when they may cause danger to us. If you have even the smallest feeling that the email is not legitimate – even if you can’t exactly articulate WHY you feel that way – ask your IT team or MSP. Trust us, they would much rather take a few minutes to confirm a legitimate email than spend days or weeks helping the company recover from a ransomware attack!
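Red flags 1 and 3 can also be checked automatically, for example in a mail-triage script. The sketch below is an added example, not part of the original checklist: it flags a sender domain that is a near-misspelling of a trusted one and links whose visible text names a trusted site while the URL points elsewhere. The `TRUSTED` set, the 0.85 similarity threshold, the single-part HTML message and the sample email are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"bankofamerica.com"}  # assumption: domains you expect mail from

class LinkParser(HTMLParser):  # collects (href, visible text) for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    # True for the domain itself or any of its subdomains.
    return host == domain or host.endswith("." + domain)

def red_flags(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags, parser = [], LinkParser()
    parser.feed(msg.get_payload())  # assumption: single-part HTML body
    for good in trusted:
        # Red flag 1: sender domain is close to a trusted domain but not identical.
        if not belongs_to(sender, good) and SequenceMatcher(None, sender, good).ratio() >= 0.85:
            flags.append(f"sender domain {sender} imitates {good}")
        for href, text in parser.links:
            host = (urlparse(href).hostname or "").lower()
            # Red flag 3: link text names a trusted site but the URL goes elsewhere.
            if good in text.lower() and not belongs_to(host, good):
                flags.append(f"link shows {good} but opens {host}")
    return flags

# Constructed sample message (not a real email): note the "l" in place of "i".
SAMPLE = """\
From: Bank of America <alerts@bankofamerlca.com>
Content-Type: text/html

<p>Please confirm: <a href="http://login.example.net/verify">www.bankofamerica.com</a></p>"""
```

A clean result from a script like this does not clear an email; it only automates two of the eight checks.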
What to do if you open a phishing email
Oops! You took the bait and clicked on that suspicious email. Don’t worry; it happens to the best of us. The important thing is to act quickly and follow these steps to minimize potential damage:
- Disconnect from the Internet Immediately
If you suspect that you’ve clicked on a malicious link or opened a suspicious attachment, the first thing to do is disconnect your device from the internet. This will help prevent any malware from spreading to other devices or accessing more data.
- Do Not Enter Any Information
If the phishing email led you to a webpage requesting personal information, do not enter anything. Close the webpage immediately to avoid further interaction with the phishing attempt.
- Alert Your IT Team or Managed Service Provider (MSP)
Notify your IT department or MSP right away. They are equipped to handle these situations and can help assess the risk and take necessary actions to protect the network and other devices.
- Run a Full System Scan
Use your antivirus software to perform a comprehensive scan of your device. This will help identify and remove any malware that may have been downloaded.
- Change Your Passwords
If you’ve entered any login credentials after clicking on a phishing link, change your passwords immediately. Opt for strong, unique passwords and consider using a password manager for added security.
- Monitor Your Accounts and Personal Files
Keep an eye on your financial accounts, emails, and any other sensitive accounts for unusual activity. Additionally, keep an eye on your endpoint data, or the important files saved on your computer, to ensure nothing has been deleted or modified. Report any suspicious transactions or activities to the relevant institutions as soon as possible.
How to report phishing emails
If you would like more info on how to recognize and avoid phishing attempts, as well as how to report them, check out the Federal Trade Commission’s website.
Want to learn more about phishing and cybersecurity? Watch the rest of our “Demystifying Data Security” video series!
Protect your files with automatic cloud backup
While this phishing checklist should help prevent some data disasters, it’s always best to be prepared in case anything goes wrong. CrashPlan’s automatic cloud backup solution sends all your new or changed files to the cloud every 15 minutes. Plus, unlimited version retention means you can restore files back to the point in time before they were corrupted, so malware doesn’t keep coming back.
Get started with a 14-day free trial and start protecting your files today. With three plans to choose from for individuals and businesses, we’ve got you covered.