Phin Security

A Guide to Catching Phishing Emails

Phishing emails, responsible for 92% of malware incidents and causing billions in losses, often impersonate major brands like Amazon and Google, and can be identified by scrutinizing sender addresses for typos, previewing links before clicking, cautiously handling unexpected attachments, being skeptical of unsolicited or urgent requests, and recognizing generic greetings that may attempt to appear personalized.

Phishing is a serious cybersecurity issue, accounting for 92% of malware incidents.

Malicious software is designed to damage or gain unauthorized access to computer systems and sensitive data.

Between 2016-2020, an estimated $28 billion were stolen through email fraud, costing $150K per incident on average.

The most frequently impersonated brands include Amazon, Google, Facebook, Whatsapp, Netflix, and Apple.


7 Tips for Spotting Phishing Emails

1: Check the Sender's Email Address

Phishing emails often come from addresses that seem legit but, on closer inspection, contain typos or the wrong extension (like .com vs .net).

2: Preview Links Before Clicking

Hover over a suspicious link or hold down on a link if you’re using a touch screen. This will show you a preview of the webpage and/or the full link without navigating to the page so you can confirm if it’s safe. Be careful of links received via text messages or as a QR code.

3: Be Careful Opening Attachments

Attachments can be just as dangerous as links. Ensure the attachment is coming from a legitimate email (see #1) and that it’s something you’re expecting. If you know the sender but aren’t expecting it, verify via a different method of communication.

4: Be Wary of Unsolicited Emails and Urgent Requests

If you receive an email from an individual or organization you don’t do business with, or if it’s someone you know but the email is unusual or urgent, be especially cautious about clicking links, opening attachments, or fulfilling requests. For example, if your CEO has never contacted you before but asks you to buy gift cards for a client ASAP, double-check the request via another communication channel.

5: Notice Generic Greetings, but Don't Let Personalization Fool You

Phishing emails will often, but not always, address you with a generic phrase, such as “Dear customer” or “Hello friend,” whereas a legitimate email will likely address you by name. However, personal information can be easily accessible to cyber criminals, so don’t dismiss other red flags just because the sender addresses you by name.

6: Don't Rely on Grammar and Spelling Errors Alone

Phishing emails tend to be poorly written, but don’t rely on errors to be a red flag. With the uptick in AI usage, errors in phishing emails may decrease, making them harder to spot.

7: Think Objectively Before Acting. 7 Seconds is All it Takes

Phishing emails often create a sense of urgency, causing readers to panic and ignore red flags. Before responding to an email, always take time to review it based on the previous tips. Just 7 seconds is enough time to switch from reactive to objective thinking.

Fun fact:

7 seconds x 100 emails is less than 12 minutes. Those 12 minutes are definitely worth not getting phished.

Learn More Strategies Here

Let's Test Your Knowledge!

Spot the Difference: Can you tell which email is a phish?

Option 1:

  1. 1.Correct email address
  2. 2.Personalized Greeting
  3. 3.Safe link
  4. 4.2nd method of communication
  5. 5.Preview matches specified content

Option 2:

  1. 1.Sense of urgency
  2. 2.Wrong email address
  3. 3.Bad link
  4. 4.Generic Greeting
  5. 5.Poor Grammar

Option 2 is the Phish!

Do You Know a Phish When You See One?

Test yourself with this quiz! (Run by Google)