Phishing has become a popular form of cybercrime. Cybercriminals have been successful in obtaining personal information from people by sending emails, text messages, and direct messages on social media or in video games.
The best defense is awareness and knowing what to look for.
- Threats or urgent call to action – Be wary of emails that insist you click, call, or open an attachment right away. They frequently claim that you must act immediately in order to receive a reward or avoid a penalty. Creating a false sense of urgency is a common phishing and scam technique. Scammers do this so that you won't think about it too much or consult a trusted advisor who might warn you.
- New or infrequent senders – While receiving an email from someone for the first time is not uncommon, especially if they are outside your organization, this can be a sign of phishing. When you receive an email from someone you don’t recognize or that Outlook identifies as a new sender, take a moment to carefully review it before proceeding.
- Spelling and bad grammar – Professional businesses and organizations typically employ an editorial staff to ensure that their customers receive high-quality, professional content. If there are obvious spelling or grammatical errors in an email message, it could be a scam. These errors can be the result of an awkward translation from a foreign language, or they can be deliberate attempts to avoid filters that try to block these attacks.
- Generic greetings – A company that works with you should know your name, and it’s simple to personalize an email these days. If the email begins with “Dear Sir or Madam,” it’s a red flag that it’s not from your bank or shopping site.
- Mismatched email domains – If an email claims to be from a legitimate company, such as Microsoft or your bank, but is sent from a different email domain, such as Gmail.com or microsoftsupport.ru, it is most likely a scam. Keep an eye out for subtle misspellings of the legitimate domain name as well, such as micros0ft.com, where the second “o” has been replaced by a 0, or rnicrosoft.com, where the “m” has been replaced by an “r” and an “n”. These are common scammers’ techniques.
- Unusual attachments or suspicious links – If you suspect an email message is a scam, do not open any links or attachments. Instead, hover your mouse over the link, without clicking it, to see whether the address matches the link that was typed in the message. In the following example, hovering the mouse over the link reveals the true web address in the yellow-background box. The string of numbers does not resemble the company’s web address.
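
The last two checks (look-alike sender domains, and links whose visible text differs from their real target) can also be automated in a mail filter. The Python sketch below is an added example, not part of the original article; the allow-list, the extra substitutions, the function and class names, and the sample HTML (using the documentation address 192.0.2.10) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com"}  # constructed allow-list; use your organization's domains
# Look-alike substitutions: the first two are the article's, the others are assumed extras.
CONFUSABLES = [("rn", "m"), ("0", "o"), ("1", "l"), ("vv", "w")]
SAMPLE_HTML = ('<a href="http://192.0.2.10/login">www.microsoft.com/account</a> '  # constructed
               '<a href="https://www.microsoft.com/">Click here</a>')

def skeleton(domain):  # collapse look-alike characters so similar domains compare equal
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def classify_sender(address):
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(skeleton(domain) == skeleton(t) for t in TRUSTED):
        return "lookalike"               # micros0ft.com, rnicrosoft.com
    if any(t.split(".")[0] in skeleton(domain) for t in TRUSTED):
        return "brand-in-other-domain"   # microsoftsupport.ru
    return "unknown"                     # e.g. gmail.com: compare with the claimed sender

def host_of(text):  # host name if text parses as a URL or bare domain, else ""
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return ""
    return host if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host) else ""

class LinkAudit(HTMLParser):  # records links whose visible text names another host than the href
    def __init__(self, html):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host_of("".join(self.text).strip()), host_of(self.href)
            if shown and real and shown != real:
                self.mismatches.append((shown, real))
            self.href = None
```

`LinkAudit(SAMPLE_HTML).mismatches` reports only the first link, because "Click here" is not a host name and so makes no claim about where the link goes.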
If you get a phishing email
- Never open any attachments or links in suspicious emails. If you receive a suspicious message from an organization and are concerned that it may be legitimate, open a new tab in your web browser. Then, either from a saved favorite or a web search, navigate to the organization’s website. Alternatively, call the organization using a phone number found on the back of a membership card, on a bill or statement, or on the organization’s official website.
- If the suspicious message appears to come from a person you know, contact that person via some other means such as text message or phone call to confirm it.