About 1% of all emails sent are malicious. That may not sound like a large number until you realize how many emails are sent each day. Human factors played a role in 74% of all breaches, whether through falling for social engineering tactics, mistakes, or misuse, and 3.4 billion phishing emails are sent each day.
What is the point of orchestrating a complicated hacking campaign and using complex tools if you can send a malicious link in an email or text message and have people hand over the information you need willingly? Phishing emails are easy to create and send out, and the use of AI is making them more believable for people like us to fall for.
When you get a call about your car’s extended warranty every day, or a message saying an update to your insurance policy needs your attention, you may wonder why they keep sending these campaigns out. It is because they work! All they need is just one person out of 3.4 billion people to believe it.
Let’s work together to bring that percentage down and make sure these hackers have to work for our confidential information, shall we? Let’s identify the warning signs in phishing attempts so you can determine what is legitimate and what is malicious. I have created the acronym “FRIENDS?” to help you remember the red flags to look for. These tips are not just for finding red flags in emails; they can also help you catch scammers in phone calls, text messages, or even in person.
Feelings – Does this email make you feel scared, happy, sad, or even erotic? Scammers will always find ways to get you to click on something, and the one fault in all humans is emotion. Are you scared that something bad will happen if you don’t reply or act? Is it congratulating you on a contest you didn’t even apply for? Is it referring to an ongoing search for a lost puppy in your area? Is it a fake online girlfriend/boyfriend giving you a link to their naughty pictures? You must understand the purpose of the email and try not to act on the immediate feelings you get.
Recognize – Do you recognize the sender? A good first step in determining whether something is a phishing attempt is to find out who is contacting you and, most importantly, whether they are who they say they are. If you have a service rep at Lowes that you always do business with, but someone else claiming to work at Lowes calls you, there is nothing wrong with politely hanging up and contacting your main rep to determine legitimacy.
Imminence – Is this message creating a sense of urgency? Nobody in their right mind will call or email you out of the blue and request that you do something immediately. If someone you know does this, it’s time to rethink the relationship. Always slow down, think about your response, and then act.
Expected – Were you expecting the email, phone call, or text? If you receive a message from someone you do know, make sure it is expected behavior. My Lowes service rep is not going to send me advertisements for Menards’ great low prices. So even if you know the person, make sure the behavior is normal.
Inconsistencies – “In” sounds like “n” so bear with me. If you hover over a link in an email, it shows the destination URL the link goes to. If I receive an email from my service rep at Lowes and the link for a coupon includes something like “www.lomes.com/coups”, I will not click on it. I will also let my service rep know about the email, as his email account may be compromised.
Deal – Is an action being asked of you in the form of a deal? This goes along with Imminence in most cases. Is the action asked of you part of some unofficial agreement? Are they stating, “If you click on this link to reset your Lowes password, your account will not be deleted” or “If you provide your SSN, you won’t get kicked out of your home”? For me, this is the defining factor when a phishing attempt has some of the other red flags above and I’m still not sure. This “deal” may not be valid, and my account or living situation is just fine.
Spelling and Language Errors – Are there any spelling or language errors? A very common mistake in most phishing attempts is poor grammar. Phishing attempts are usually done by overseas individuals who may not know your language very well. This could be considered a weak red flag for a phishing email, because everyone misspells things in their emails and texts. Still, be on the lookout for any spelling or grammatical errors, as the email could be generated online or translated from a different language.
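The hover check from the Inconsistencies tip can also be run by a mail filter over every link in a message. The sketch below is an added example, not part of the original post: it flags link destinations that are near-misses of a trusted domain (like “www.lomes.com/coups”) and links whose visible text names a different site than the one they lead to. The `TRUSTED` list, the 0.8 similarity cutoff, the sample message and the `example.net` placeholder are assumptions.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the recipient really does business with.
TRUSTED = ["lowes.com"]

def base_domain(url):
    """Naive registrable domain: last two host labels (no public-suffix list)."""
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, reason) for each link whose destination looks inconsistent."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest = base_domain(href)
        if dest in TRUSTED:
            continue  # destination is exactly a trusted domain
        near = difflib.get_close_matches(dest, TRUSTED, n=1, cutoff=0.8)
        if near:  # almost, but not quite, a trusted name
            findings.append((href, f"lookalike of {near[0]}"))
        elif "." in text and " " not in text and base_domain(text) != dest:
            findings.append((href, f"text shows {base_domain(text)}, goes to {dest}"))
    return findings

# Constructed sample email body; example.net is a placeholder domain.
SAMPLE = """<a href="http://www.lomes.com/coups">Lowes coupon</a>
<a href="https://www.lowes.com/store">Store locator</a>
<a href="http://example.net/login">www.lowes.com/account</a>"""
print(check_links(SAMPLE))
```

A production filter would use a public-suffix list instead of the last-two-labels shortcut, so that hosts under suffixes such as `co.uk` are compared correctly.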
Using these tips can help you stop and think about the potential phishing scam you just received and determine the legitimacy of the message. If you have any more tips, please feel free to comment, and thank you for reading.