How to Spot Phishing Emails
Phishing is an attack that uses malware-laden file attachments or links to fake websites to trick victims into sharing their personal and financial information. The attacker typically uses a system they control to send messages that appear to come from a person or organization the victim knows and deals with, in an attempt to fool the victim into installing malicious software or handing over passwords, account IDs, credit card details and other personally identifiable information (PII).
Message-based phishing attacks are also on the rise, with criminals using instant messaging services to impersonate people in order to ask victims to share their personal details or click on malicious links. This includes WhatsApp conversations in which a criminal can pose as a loved one, attempting to steal private keys or passwords to crypto wallets. Such attacks are costing users and crypto exchanges hundreds of millions of dollars (Cryptowire, 2019).
There are a number of telltale signs that an email may be a phishing attempt. If a message sounds unusually casual or formal for the person it appears to come from, this should raise suspicion. Other warning signs include misspellings and grammatical errors that can indicate the attacker is trying to hide their identity.
Another good rule of thumb is to hover the mouse over any hyperlinks within an email before clicking on them. If the URL displayed does not match the link text, this is a warning sign that the link will lead to a website you do not want to visit. Similarly, any emails requiring you to take action immediately or asking for sensitive information should be viewed with extreme skepticism.