How To Identify a Phishing Email Before It’s Too Late

Written by Matt Adams on October 19, 2022


Time is of the essence when it comes to preventing a phishing attack on your business. An employee’s split-second assessment of whether to respond to a suspicious request is supremely critical. The wrong move can mean the difference between maintaining your business’s excellent reputation and the fallout that comes with a data breach.

However, providing security awareness training can empower your employees to make the right decisions when faced with having to make a swift call. Let’s take a closer look at how to identify a phishing email.

Phishing Email Example Characteristics

According to the National Institute of Standards and Technology (NIST), most phishing emails share these tell-tale features, so keep them in mind when learning how to spot a phishing email.

Urgency

Almost all phishing emails use language that seeks to instill a sense of urgency. This can include threats of loss or time-sensitive opportunities.

Generic greetings

Most phishing attacks are a volume endeavor. Because of this, cybercriminals are often unable to personalize messages. Fraudulent emails often use generic greetings such as “Dear customer,” whereas legitimate organizations typically address you by name.

Unusual attachments

Turn off the option to automatically download attachments. Even if a manual scan using your antivirus software shows the file is clean, treat all attachments with a high dose of suspicion.

Fraudulent hyperlinks

The hyperlink you see may be only a mirage. Hover your mouse over the link, without clicking, to see whether it actually points to a different address than the one displayed.

Typos or unusual phrases

It’s not always the case, but many phishing emails contain grammatical errors; for example, they may use the word “patient” instead of “patience” or awkward phrasing like “feel free to contact with our executive.” Unusual phrasing is a hallmark of many phishing emails and is done both unintentionally (by non-native speakers) and intentionally (to defeat spam filters).

Watch for Targeted Phishing Attacks

Not all phishing emails follow the same format. Keep in mind that high-level executives, such as CEOs, are at a particularly high risk of business email compromise (BEC), which can appear more personalized than generic attempts. This targeted phishing scam is one where the criminal impersonates an executive and attempts to lure employees into paying fake invoices or disclosing payroll information. This type of targeted attack is estimated to have cost U.S. businesses $2.4 billion in 2021, according to the FBI.

How To Spot a Phishing Email: A Checklist

Once you understand the common characteristics of a phishing email, you can use this insight to help you identify a phishing email. But you’ll want to go further.

It can be helpful to run through a simple checklist process before reaching a conclusion about how to respond to an email request. Here are three steps recommended by the Federal Trade Commission (FTC):

Step 1: Do your research

Take the time to check out the website or phone number of the company or person sending the text or email. Confirm that you’re communicating with the actual company and not about to download malware or talk to a scammer.

Step 2: Talk to someone

Sometimes just talking to a colleague can help you make a better judgment call. Perhaps your colleague received the same phony request, or they might notice something you’ve overlooked. As the saying goes, two heads are better than one.

Step 3: Use the phone

Look up the phone number of the vendor, colleague or client who sent the email and then call them directly. Confirm whether they have really made the request. Just be sure to use a number you know to be correct, not the number in the email or text.

How To Prevent Phishing Attacks From Damaging Your Business

Once you or your employees have successfully spotted the phishing attempt, now what? While you might be tempted to hit delete, if you want to prevent future phishing attacks, take these additional steps.

How To Report Phishing Emails

Just because one person in your company knows how to identify a phishing email scam doesn’t mean everyone will.

Step 1: Alert your employees

It’s important to inform your employees of the phishing attempt, especially if the scammer was impersonating someone within your company. And it’s a great opportunity to teach your employees how to spot a phishing email.

If the email was impersonating one of your customers or vendors instead, then you can lend a helping hand by informing them, so they can alert their staff as needed.

Step 2: Document the attempt

Flagging the email as a phishing attempt with your email client can help prevent phishing emails from landing in your inbox in the future. Outlook offers these specific instructions on how to report phishing emails.

Microsoft Office Outlook – With the fraudulent email selected, choose “report message” from the ribbon, and then select “phishing.” This step removes the message from your inbox and helps Outlook filter similar messages so that you’re less likely to receive them going forward.

Outlook.com – Choose the check box next to the suspicious message in your Outlook.com inbox. Select the arrow next to “junk” and then select “phishing.”

Additionally, the FTC wants to know about the phishing attack you avoided. They recommend that you forward phishing emails and texts to their Anti-Phishing Working Group. By reporting these phishing attempts to the FTC, you can help to catch the cybercriminals and alert others to the newest trends in phishing attacks.

How To Protect Against Phishing Emails in the Future

Learning how to identify phishing emails and reporting them is only part of the equation. You’ll also want to investigate how to protect against phishing emails and other types of cyberattacks.

Some of the steps you can take to protect yourself and your business include:

• Updating your passwords
• Enabling multi-factor authentication
• Updating your software
• Backing up your critical files

Keep in mind that your systems are only as strong as the employees who use them. If training your employees on phishing prevention is a concern, Warren Averett Technology Group can provide security awareness training for your staff. We also offer in-depth data recovery, cybersecurity and business software solutions. To learn more about these services, schedule a consultation with an expert to evaluate how secure your systems and processes are.
