If you have an email address, you may have received phishing emails, but how do you recognize scams and not get fooled?
Nowadays, providers like Google or Microsoft are increasingly experts in classifying emails and often end up in the SPAM folder before they can fool some users. Still, they are not blocked other times and could deceive even the most experienced.
It happens more and more often than people (even the less naïve, if you were thinking about this) are being targeted by cybercriminals via emails designed to appear to be addressed by a legitimate bank, state agency, or one of the many companies we are in. register to shop online.
In these communications, the hackers ask the unfortunate recipients to click on a link that takes them to a page where they are asked to confirm personal data, payment information, etc.
The most common consequences are losing access to the account and clearing the current account.
It is increasingly difficult to distinguish true from false, so we have decided to make a list of the variables to consider when judging the authenticity of email communication.
What Is Phishing?
Phishing is a technique by which hackers persuade you to provide your personal information or payment information. Once they get the information, they use it without your knowledge, empty your account, and steal your sensitive data.
THE Story Of Phishing Emails
The first phishing emails were very creative; remember the one that started with “Greetings from the son of the Prince of Nigeria.”
In recent times, people have learned that there is no prince to contact you via email, and scammers are becoming more and more adept at faithfully reproducing the graphics and texts of the companies we are used to receiving messages from.
It is increasingly difficult to distinguish a fake email from an authentic one. But most are not perfect and can still be distinguished.
Let’s see eight variables to take into consideration:
Companies Do Not Ask For Your Sensitive Information In Genuine Emails
When you receive unsolicited email communication from a business or government agency where the sender provides a link or attachment and asks you to provide sensitive information, it is most likely a scam.
It is rare for a company or authority to ask for your password, card number, social security number, or other sensitive data.
Genuine Senders Usually Know Your Name
Fraudulent emails typically start with “Dear User,” “Dear Account Holder,” or “Dear Customer.” If a company needs to have your information, it will almost certainly call you by name and ask you to update your information directly on your account.
Legitimate Companies Use Their Own Domain
We are almost always distracted by the content of the communication, and we lose sight of the sender’s address. Sometimes the latter is artfully created and deceives us. Check the domain of the email address.
Make sure it exactly matches the company or entity concerned. The correct address with the domain amazon.it will be, for example, email@example.com. An address firstname.lastname@example.org will not belong to Jeff Bezos’ company and will probably be the work of some attacker.
This is not always foolproof as some companies use multiple domains. In any case, remember to be wary of domains with a name that appears ambiguous.
Authentic Emails Are Written In Correct Italian
Communication wrote in confused Italian certainly seems worrying. The most immediate way to recognize a scam is, in fact, grammar.
Companies Do Not Force You To Visit Specific Pages On Their Website
Often, hypertext links are inserted within phishing emails that refer to web pages explicitly created by scammers to download SPAM on your PC or smartphone.
Companies Do Not Send Unsolicited Attachments
If you have requested an email, you don’t have to worry. On the other hand, unsolicited communication should give you doubts, especially if it contains attachments.
It is very difficult for institutions to send you emails with attachments randomly. Precisely for security reasons, they invite you to download the materials through their website.
Corporate Links Changed
We have already talked about domination. The same argument is also valid for the links in the email’s text. You can often find links within the communication that corresponds to a different link once clicked. Always check the addresses by hovering the cursor over the link and ensuring the addresses are identical.
In recent years, the secure protocol HTTPS has also been used: make sure that the addresses begin with this wording, and if the URL of a hyperlink doesn’t seem safe, don’t trust it.
Sense Of Urgency
The last but not the least way to recognize phishing emails is to notice the sense of urgency imposed by the sender. Hackers use this psychological lever to force you to act immediately (following what is written in the email). Taken by a sense of urgency, users perform actions without thinking too much—a big mistake.
Recognizing Phishing Emails: The Most Powerful Security System Is You
You can also have the most powerful antispam in the world. A naivete is enough to end up in the bad guys’ crosshairs.
The worst consequences can occur in the business, where data integrity and security can be compromised. It only takes one unaware employee to get an entire IT infrastructure in trouble.
Make sure you and your employees are fully aware of the mechanisms for identifying and neutralizing any possible security threats in the event of phishing.