
How to Detect "Phishy" Emails

Erin Reeve | May 2, 2018

One click. That’s all it takes for you to fall victim to an email phishing scam, putting your own - and your members' - information at risk. In this article, we will give you some tips to help you identify a phishing email scam.

Why do Phishers Phish?

In order to prevent a phishing scam from affecting your association, it is important to understand the origin of the problem - and why phishers phish. Most often, the intent is to steal personal data (such as login credentials, social security numbers, bank account numbers, etc.) for fraudulent purposes [7] that usually involve stealing money.

Phishing scams don’t just affect the person who clicked on a phishing email. Once phishers have access to your computer, they can access your computer’s network, accounts, and systems. This can place your association’s entire network at risk of being hijacked and compromise the security of your members' data.

How to Spot a Fake or Phishing Email

Below is a list of common characteristics to help you detect phishing emails.

  1. ☠ Typos, Grammatical Errors & Awkward Syntax (including weird spacing)
  2. ☠ Poorly written content
  3. ☠ Incorrectly spelled URLs and email addresses
  4. ☠ Blank “To” Field
  5. ☠ Indirect Greeting (e.g., “Hi [blank]” or “Hi Valued Customer”)
  6. ☠ Asks you to provide login credentials and/or other sensitive information
  7. ☠ Improper Branding (does the font, images and colors align with the brand and look like legitimate emails that you have received from this company?)
  8. ☠ Asks you to log in
  9. ☠ Presents an urgent reward, request or threat and/or asks for immediate action
  10. ☠ In the “From” field, the Display Name and the Domain Name don’t align
  11. ☠ The situation feels off or doesn’t make sense. For example, the sender is asking you to sign up for a membership that you already have or pay a bill that you have already paid.
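For staff who triage reported messages, several of the characteristics above (items 4, 5, 6/8, 9 and 10) can be checked mechanically from the raw message. The sketch below is an added example, not part of the original article; the brand-to-domain table, the keyword patterns and both sample messages are constructed assumptions, and a clean result does not mean a message is safe.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you expect mail from, mapped to their real sending domain.
KNOWN_BRANDS = {"example bank": "examplebank.example"}
GENERIC_GREETING = re.compile(
    r"^\s*(hi|hello|dear)\s+(valued\s+)?(customer|member|user)\b", re.I | re.M)
CREDENTIAL_ASK = re.compile(r"\b(log ?in|password|social security|account number)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)

def phishy_signs(raw_email: str) -> list:
    """Return the checklist items (by number) that a raw plain-text message trips."""
    msg = message_from_string(raw_email)
    body = "" if msg.is_multipart() else msg.get_payload()
    signs = []
    if not (msg.get("To") or "").strip():
        signs.append("4: blank To field")
    if GENERIC_GREETING.search(body):
        signs.append("5: indirect greeting")
    if CREDENTIAL_ASK.search(body):
        signs.append("6/8: asks for login or sensitive data")
    if URGENCY.search(body):
        signs.append("9: urgent request or threat")
    # Item 10: the display name claims a brand, but the address domain is not that brand's.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, real in KNOWN_BRANDS.items():
        if brand in display.lower() and domain != real and not domain.endswith("." + real):
            signs.append("10: display name and From domain don't align")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Example Bank Support" <support@examp1ebank-secure.example>
To:
Subject: Account notice

Hi Valued Customer,
Your account will be suspended. Log in immediately to confirm your password.
"""
LEGITIMATE = """\
From: "Example Bank" <statements@mail.examplebank.example>
To: pat@association.example
Subject: Your statement

Hello Pat, your monthly statement is ready in the usual place.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishy_signs(raw))
```

The remaining items on the list (branding, writing quality, whether the situation makes sense) still need a human reader.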

What to Do (and Not Do) When You Identify a Phishy Email

DO:

  • Call the company directly to (1) ask them about the legitimacy of the email and/or (2) notify them that they are being impersonated by a group engaging in a phishing scam.
  • Mark the email as “Spam” in your email client.
  • Submit a complaint to the Federal Trade Commission (FTC).

DO NOT:

✖  DO NOT hit reply. If you feel the need to follow up, call the number provided in the email

✖  DO NOT click on any embedded links

✖  DO NOT open attachments

For more information about how to avoid phishing attacks, please refer to the resources below.

Resources

  1. https://www.delcor.com/resources/blog/how-to-outfox-hackers-and-their-phishing-malware
  2. https://www.delcor.com/resources/blog/how-to-handle-staff-who-fall-for-phishing-emails-putting-your-association-at-risk
  3. https://www.antiphishing.org/resources/overview/avoid-phishing-scams
  4. https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/
  5. https://www.cnet.com/how-to/spot-a-phishing-email/
  6. https://www.csoonline.com/article/3172711/phishing/5-ways-to-spot-a-phishing-email.html
  7. https://blog.malwarebytes.com/101/2017/06/somethings-phishy-how-to-detect-phishing-attempts/
