Are you sure that email from your manager is actually from your manager? Companies and individuals are oftentimes targeted by cybercriminals via emails designed to look like they came from legitimate sources such as your manager, bank, or a legitimate government agency.
This technique is called phishing, and it is a way cybercriminal con you into providing your personal information, or even trick you into downloading a malicious file. A phishing email or text (also known as SMiShing) is a fraudulent message made to look legitimate, and typically asks you to provide sensitive personal information in various ways.
It is advised by the Guyana National CIRT, that some amount of caution be taken when clicking on links and/or downloading files found within emails and text messages. As such, we recommend the following tips on how to recognize and/or avoid phishing emails and texts.
- The URL does not match- Cybercriminals love to embed malicious links in legitimate-looking emails. Hover your mouse over any link you find embedded in the body of your email. Hovering over the link will allow you to see a link preview. If the URL looks suspicious, do not interact with it, instead, inform your administrator or manager about same.
- Check for spelling mistakes - Brands are serious about emails. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
- Analyze the salutation - Is the email addressed to a vague “Valued Customer?” If so, be careful, legitimate businesses will often use a personal salutation with your first and last name.
- Request for personal or company confidential information - Most companies such as banks and other financial institutions will never ask for personal credentials via email. Stop yourself before revealing any confidential information over email. Call to verify if that company sent you that email.
- Beware of urgent or threatening language in the subject line - Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or ask you to action an “urgent payment request.”
- Review the signature - Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. Check for them.
- Do not trust the header from the email address - Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address, including the domain name. Keep in mind that just because the sender’s email address looks legitimate (example, email@example.com), it may not be. A familiar name in your inbox is not always who you think it is.
- Do not believe everything you see - Phishers are extremely good at what they do. Many malicious emails include convincing brand logos, language, and a seemingly valid email address. Be skeptical when it comes to your email messages if it looks even remotely suspicious, do not open it.
For more information on how you can avoid Phishing scams check out the Get Safe Online website at www.getsafeonline.org/protecting-yourself/smishing/
- Phishing: How To Protect Yourself When Working Remotely (September 18 2020) Retrieved from: https://www.bluehost.com/blog/
- How to Recognize and Avoid Phishing Scams (May 2019) Retrieved from: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- 10 Tips on How to Identify a Phishing Email (October 2016) Retrieved from: https://www.proofpoint.com/us/corporate-blog/post/10-tips-how-to-identify-phishing-email
- Phishing Email Examples: How to Recognize a Phishing Email (March 15 2021) Retrieved from: https://www.mcafee.com/blogs/consumer/phishing-email-examples-how-to-recognize-a-phishing-email