Updated as of July 2023
Author: Allister D.
As someone who’s worked in a security operations center, I’ve come across phishing attempts on a daily basis. Some have been quite advanced and very convincing; that being said, the strategies to spot a phish do not change no matter how good the attempt is. Here are some tips on how to spot a phish and how you can protect yourself.
How to Spot a Phishing Attempt
- Suspicious Sender Address: Phishing emails often come from an address that seems similar to, but not exactly the same as, a trusted company's address. Always double-check the sender's email. If you are not sure what the sender address should look like, do a quick Google search to verify for yourself. This also goes for text messages and phone calls. If someone calls you claiming to be from your bank, feel free to hang up or end the call and call them yourself directly once you have found the correct phone number.
- Grammatical Errors and Spelling Mistakes: Phishing attempts, particularly those originating from non-native English-speaking countries, often contain grammatical errors and misspellings. Legitimate organizations typically have their communications proofread for such mistakes.
- Urgent or Threatening Language: Many phishing emails create a sense of urgency or danger to compel you to act immediately. Be cautious if an email asks for immediate action, particularly if it involves personal or financial information. Always verify and think before you act!
- Mismatched URLs: If you hover over a hyperlink in a suspicious email, your email client will likely display the destination URL. If it doesn't match the URL the link claims to be directing you to, it's likely a phishing attempt. If you are still unsure about a URL, you can use a tool like VirusTotal or urlscan.io to scan it.
- Requests for Personal Information: Legitimate organizations usually don't request sensitive information via email. If you receive an email asking for such details, it's likely a scam. Never send sensitive data over insecure methods of communication.
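The "Suspicious Sender Address" and "Mismatched URLs" checks above can be automated for a mail triage script. The following is an added example (not code from the original post); the sender, trusted domain and HTML snippet are constructed for the demo, and the domain reduction is deliberately crude (last two labels only, so it mis-handles suffixes like co.uk).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: a lookalike sender (digit 1 for letter l) and an
# email body whose visible link text names the bank while the href goes elsewhere.
SAMPLE_FROM = "Example Bank Support <alerts@examp1e-bank.com>"
TRUSTED_DOMAINS = {"example-bank.com"}
SAMPLE_HTML = """
<p>Your account is locked. Verify now:</p>
<a href="http://login.examp1e-bank.com/verify">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com/help">Help centre</a>
"""

def registered_domain(host):
    """Crude reduction to the last two labels: www.example-bank.com -> example-bank.com."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def looks_like_url(text):
    """True when the visible link text itself reads as a URL or hostname."""
    return re.match(r"^(https?://)?[\w-]+(\.[\w-]+)+", text) is not None

class LinkCollector(HTMLParser):
    """Pairs each <a href> with the text the reader actually sees for it."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return (visible_text, href) pairs where the shown URL's domain differs from the real one."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        if not looks_like_url(text):
            continue  # plain words like "Help centre" make no claim about the destination
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if registered_domain(shown) != registered_domain(urlparse(href).hostname or ""):
            flagged.append((text, href))
    return flagged

def sender_is_lookalike(from_header, trusted):
    """Flag a From: address whose domain is not one of the trusted domains."""
    match = re.search(r"@([\w.-]+)", from_header)
    return bool(match) and registered_domain(match.group(1)) not in trusted
```

Running `mismatched_links(SAMPLE_HTML)` flags only the first link, and `sender_is_lookalike(SAMPLE_FROM, TRUSTED_DOMAINS)` flags the sender; the same functions can be fed a real message's From header and HTML part.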
An example of a phishing attempt:
How to Protect Yourself from Phishing
- Keep Your Software and Devices Up to Date: Ensure all your systems, applications, and devices are up to date. These updates often include patches for new security vulnerabilities that phishing attacks may exploit.
- Enable Two-Factor Authentication (2FA): By using 2FA, you add an extra layer of security that makes it harder for phishers to access your accounts, even if they've obtained your password or you've mistakenly fallen victim to a phish.
- Don’t Click on Suspicious Links: Avoid clicking on links in unsolicited emails or messages. If you need to access a service, type the official URL directly into your browser.
- Never Give Out Personal Information: As a rule of thumb, never share your personal or financial information via email or over the phone unless you initiated the contact and you're sure of who you're talking to.
- Educate Yourself: It doesn't hurt to read up on the latest scams or cybersecurity events in the news so that you're aware of what’s happening. Additionally, you can practice spotting a phish here: https://www.phishingbox.com/phishing-iq-test/quiz.php?reset=1