Phishing emails from a “Nigerian Prince” are not only less common, they are also quickly picked up by spam filters. Newer phishing scams are much more sophisticated and can easily fool even trained eyes. They seemingly come from reputable organizations like Microsoft, Google, Apple, Wells Fargo and so on.
So what can be done to help you spot these types of emails?
We recommend something called the R-E-P-E-L method: 5 key indicators that may help you spot the hook. These are not hard and fast rules, but they may help you detect red flags that something malicious is afoot.
- Was it Requested?
- Really read the Email address.
- Does it contain Personal information?
- Do you see spelling Errors?
- Where is that Link sending you?
Let’s go over each of these a little closer.
Did you request the email or the information, or did it arrive unexpectedly? Often a malicious email will look like it is coming from a major company like Microsoft. It will ask you to log in to your account or change your password because there is a security concern.
To check whether this is a legitimate request from a reputable company, you can do two things.
First, you can open a new browser window (don’t use the links in the email) and go directly to your account. If the request is legitimate, the site will prompt you again. If not, that email is likely part of a phishing campaign.
Your second option is to call the company directly and ask if they sent you the email.
We don’t read words letter by letter; rather we look at letter pairings. So, email addresses that have a slight variation in spellings can often go unnoticed.
Look closely at these examples and see if you can spot the errors:
Microsoft has two letters out of order, Wells Fargo is missing an L, and Yahoo is in ALL CAPS so that the Os can be replaced with zeros.
Most reputable companies will use a CRM tool when they send any communications to their clients. Those tools allow them to use personal information like your name or account number. Emails without that information could certainly be malicious. (Again these aren’t hard and fast rules, but it could be a red flag.)
Along those same lines, major companies have a ton of measures in place to avoid sending out communications that have grammatical or spelling errors. Of course, these measures are not fool-proof, and mistakes can happen, but it isn’t common. So if you spot obvious spelling or grammar issues in an email, it could be evidence that you are looking at a phishing email.
And last, but certainly not least, check the links. This actually might be the most important one.
One of the most common ways to be socially engineered relies on our desire to be efficient. Our entire culture is rooted in time. Even small amounts of time can become highly valued when it relates to common tasks that we do over and over. One major example of this is the links that take us to websites.
The beauty of a link is that it can look like it is taking you to a reputable website but instead lead you to another. Here are a few safe examples:
Click here for the latest Forbes article about 8 ways to save time at work.
There is one easy way to spot the switch. Simply hover your mouse over each link without clicking on it, and it will show you the actual website the text is linked to.
While this can help you spot a malicious link, it is still a best practice to open a new browser and go directly to the site referenced in the email. This may take more time and is, dare I say, inefficient, but it could make all the difference in the world in saving you from opening a phishing email.
Using the 5 tools in the R-E-P-E-L method will help you keep your passwords, computer and even company safe from a malicious attack.