Cybercriminals currently use emails to attack their targets (businesses or individuals). The sender deceives his recipient through the forms of email, which makes believe in a professional email from a bank, a legitimate organization or a government agency. The cybercriminal asks the recipient to click on a link redirecting to a page, to which he will confirm his data and personal information, and the trick will be done. This technique, called « phishing » , consists in extracting information or data from your account in order to defraud you. Once the hackers have them, they can create new identifiers on your account or get your sensitive information by installing malware.
So, how to recognize phishing emails? To answer this question, we will show you the various clues that can help you determine the fraudulent nature of emails coming from cybercriminals.
1. Phishing emails are usually misspelled
The first way to recognize a scam email is to check the quality of its spelling. A reliable professional mailbox rarely sends emails containing bad grammar or spelling, unlike crooks who are not organized enough for these small details. It is therefore easier to distinguish between a typo from a real sender and an error made by a scammer. In fact, scammers use translation tools or spell checkers to write their message, and these tools can give them the right words, but they don’t necessarily fit in the right context.
2. A reliable company does not ask you for sensitive information by email
When an institution asks you by email to provide sensitive information via a link or attachment, there is a good chance that it is a phishing scam. Indeed, a legitimate company will not ask you to share information about your bank details, your passwords, your tax numbers, etc. on the internet. This is an unsecured method that requires a lot of vigilance.
3. A trusted company calls you by your name
A company that collaborates and processes important information with you will not use generic messages in emails, such as “Dear account holder..” , etc. In principle, the company will call you by your name in the email and ask you to call them back by phone or to come directly to their headquarters for example. This last point is important, because there are emails that look perfect and some scammers know the name of their target, so it will be an additional way to ensure the reliability of the email.
4. A reliable company does not require you to access its website
Sometimes a phishing email is coded as a hyperlink to access the sender’s website. However, clicking (accidentally or not) on the email and landing on a web page will download spam to your computer or expose you to a vulnerability to hacking.
5. Phishing emails usually contain illegitimate and strange links
An email from a company may sometimes contain a hyperlink to another page. How to recognize phishing emails in this case?
The first thing to do is check your URL! The link may well tell you that it will direct you to such a page, but it may lead you to a site that is trapped. You must therefore ensure that the URL displayed is consistent with that displayed when you hover over the link with the mouse cursor (without clicking it). If the links are different, chances are you will be directed to a site you do not want to visit. Don’t trust a hyperlink that you don’t know or that doesn’t seem to fit the context of the email. Also, you can increase your vigilance by checking that the proposed link starts with https://.
6. Email creates a sense of urgency
Scammers know that the longer you wait to respond, the more you will notice inconsistencies or things that don’t seem reliable. For example, you may find that the email address is not your usual contact, or that you learn that your contact has not sent you an email, etc.
For an example of a sense of urgency, the scammer can impersonate the company’s boss and send an urgent request to an employee. Indeed, he knows that the employee will immediately execute his orders, which is why it is always essential to check the address of the sender and the content of the email.
7. Fake invoices : one of the main risk for your finance team
There are multiples red flags a finance team should be on the look-out for when receiving an email containing an invoice.
Any request for PII (personal identifiable information), unusual request or amount are the main warning signs.
But as scamming and phishing are becoming more and more advanced, scammers will use technics to ensure that they are successful. Illegitimate and suspicious links should be avoided at all cost. Some companies have reported that phishing emails contained hidden links.
Unfortunately, even trusted sources should be viewed as potential phishing. Scammers will create almost identical emails to fool your team into believing that the email is coming from a usual vendor.
Limiting Phishing: How to do so?
Cybersecurity in companies is now a key challenge for finance departments, and more broadly for all teams. In order to avoid identity theft and not be tricked by a phishing attack, solutions exist. Trustpair assists you in automating your third party controls by verifying the association between a beneficiary and a bank account. This way, if your company is a victim of a phishing attack, you will be alerted in real time of the threat. Trustpair helps you make decisions easily to always pay the right third-party on the right bank account.