Common Indicators of Phishing Attempts

Phishing is one of the most common ways for cybercriminals to obtain sensitive data, access bank accounts, and gain a foothold in business networks, so it is essential for all members of the workforce to understand the common indicators of phishing attempts and be conditioned to always looking for the signs of phishing across all methods of electronic communication.

Phishing Attacks on Businesses Doubled in a Year

Phishing is a form of social engineering that involves deceiving people into taking certain actions that they would not normally take. According to the National Institute of Standards and Technology (NIST), phishing is defined as “A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.” The distribution of malware via email is often included under the definition of phishing.

Phishing attacks on businesses have been increasing steadily for years. According to the Anti Phishing Working Group (APWG), phishing attacks doubled in 2020 and have continued at elevated levels since. A survey of businesses conducted by the Ponemon Institute on behalf of Proofpoint found that the average annual cost of recovering from phishing attacks was $14.8 million in 2021. In 2015, the cost was $3.8 million.

Phishing attacks are not only increasing in number and becoming more expensive to mitigate, they are also becoming increasingly sophisticated. Phishing emails often evade detection by email security solutions and land in inboxes where they can attract a click, so all members of the workforce should be trained on the common indicators of phishing attempts. If the workforce knows about the threat of phishing and awareness of the signs of phishing emails is improved, more attacks can be thwarted.

Common Indicators of Phishing Attempts

Phishing is most commonly conducted via email; however, attacks using other communication methods are becoming more common. SMS messages (smishing) usually involves links to malicious websites and SMS phishing attacks are growing fast, as are phishing attempts via social media. In the case of the latter, innocent-looking posts asking people to reveal their favorite food, teacher, movie, or band are sent to gather information to gain insights into possible passwords and password hints. Phishing can also occur over the phone (vishing), or involve a combination these communication methods.

Since most phishing attempts occur via email, the best place to start with improving awareness of phishing is to teach the workforce the common indicators of phishing attempts via email. When an email is received, a quick check of the content and headers is all that is needed to identify most phishing attempts.

Generic greetings in emails

While spear phishing attempts often include the targeted individual’s name, most phishing emails do not and instead use a generic greeting or don’t have any greeting at all. These emails are sent in bulk to huge numbers of individuals and phishers do not have the time to address the emails personally, and often do not know the recipient’s name. Genuine emails tend to have personalized greetings.

Poor spelling and sentence structure

Poor spelling, grammatical errors, strange synonyms, bad sentence structure, and odd formatting are all common in phishing emails, as is the lack of any signature or contact information. Genuine business emails are well written, and marketing communications are written by professional copywriters and are proofread before sending.

Suspicious email attachments

If you receive an email with an unsolicited email attachment you should be instantly suspicious. Legitimate businesses do not tend to send unsolicited attachments. If information needs to be provided, it is included in the message body or a link to the company website is provided.  Do not open unsolicited attachments, but if you do receive an attachment and decide to open it, scan them with your antivirus first and never enable content in Office documents unless 100% sure the email is genuine. You do not need to enable content because the document was created in a previous version of Word!

Requests for personal information

Phishing is commonly conducted to obtain sensitive information, such as personal information (name, address, DOB, Social Security number), financial information (bank account, credit card number), or login credentials. Any email that requests this information or requires this information to be provided via a linked website has a high probability of being a phishing attempt.

The sender’s email address does not match the company name

The sender’s email address not matching the company name is one of the most common indicators of a phishing email. Also, do not trust the display name of the sender – check the actual email address. If a business sends an email, that email will usually come from the company domain. It will not be sent from a free email service such as Hotmail, Outlook, or Gmail.

Hyperlinks direct to unrelated websites

Phishing emails often direct users to a website. Do not trust the anchor text of any link as this can be anything. Always check where that link will direct you by hovering your mouse arrow over the link. If it doesn’t direct you to the company website, or if the linked website doesn’t make sense, do not click. If you do click a link that looks genuine, double-check the URL of the web page you land on, as you may have been redirected after clicking.

The email contains a threat

Many phishing emails try to get users to take rapid action, as if the recipient were to stop and check the message, they would likely recognize some of these common indicators of phishing attempts. Fear is used, whether that is scaring someone into clicking to avoid account closure or legal action, or fear of missing out – such as a too good to be true offer. Stop and think, and if there is a threat issued and an urgent response is required, take extra time to check for signs of phishing.