Email phishing is an attempt by a cybercriminal to gain access to financial information or computers and systems. The goal of email phishing is to either gain access to your personal or financial information or spread malware. Since the beginning of the coronavirus pandemic, individuals and corporations have experienced increased phishing attempts disguised as resources about coronavirus or information about the CARES Act stimulus checks. Google alone reported seeing 18 million phishing and malware attempts daily in one week in April, 2020.
In recognition of 2023’s International Data Privacy Week, let’s review how we can spot email phishing to protect our digital data privacy.
How to Spot a Phishing Email
Phishing emails try to create a sense of urgency or fear. Phishers know that when people feel pressured, they’ll make quick judgements without considering all the information. Recently, people have received phishing attempts regarding the CARES Act stimulus checks asking them to confirm their banking information quickly so that the funds are deposited correctly. Financial institutions will not ask for this information via email. If you receive an email asking for an immediate response or within a few minutes of when its timestamped, pause and look for any of the other phishing clues below.
Always check the sender’s email address. Email platforms typically provide the sender’s name as a link, but if you hover your mouse over the link, the actual email address will appear. If this does not match the expected source, it is a tell-tale sign that you are viewing a phishing email.
This phishing attempt utilizes the persona of Vitality Groups CEO, Tal Gilbert, to create a sense of urgency in addition to the language such as “expedite” so that the recipient may not think about the unusual request. When looking at the sender, the email address used is clearly not a professional address as the company name is flipped: vitalitygroup@ instead of @vitalitygroup.com.
Beware of suspicious links or attachments in phishing emails. Email phishers try to impersonate people or businesses you trust. The links will try to collect your personal information and attachments can contain malware. If a link is included in an email, don’t click! By hovering your mouse over the words of the link, the true link will appear. This can be examined to see if an alternate address is being provided. Suspicious links may look similar to a business the email is referencing but this is another space that misspellings pop up. Another option is to type the website address into the browser yourself so that you go to the correct website. Do not open attachments from untrusted sources.
Many phishing emails contain odd language and spelling or grammar mistakes. You should always note to whom the email is addressed. The businesses where you shop and bank with have the technology to insert your name into the body of the email. If it is addressed as “Dear Valued Customer” or “Dear User,” this general opening could be a clue you have opened a phishing email. The body of the email may feel very formal when it’s impersonating someone with who you have a casual relationship. Phishing emails from companies where you have accounts may contain the logo and look professional; however, when you read the body of the email, you notice spelling and grammar mistakes.
This example from Norton’s page about phishing emails in the time of coronavirus utilizes the fear of the global pandemic to encourage recipients to open the link disguised as a PDF. The email is not addressed to a specific person. The typos include spaces before punctuation, no punctuation, misspellings (corona virus), and an odd title without the proper capitalization (Specialist wuhan-virus-advisory).
How to Report a Phishing Email
Because phishing attempts have been on the rise over the last several months, it’s important to know how to spot one and what to do with it. If you do receive a phishing attempt through your work email, be sure to follow your company’s policy for reporting the phishing attempt. If you receive a phishing email in your personal inbox, some companies— particularly financial institutions— have methods for reporting that as well. After following any reporting protocols, block the sender and delete the email.
With this information, you can protect your personal and financial information from cybercrimes like email phishing.
Christine Halpaus, a training specialist at Vitality, is a former K-6 educator. She earned her Masters in Teaching from George Mason University. Christine and her husband enjoy whatever time they can get outside whether kayaking in Lake Michigan, taking long walks in the sun or the snow with their three rescue dogs, enjoying the evening on a patio, or finding quiet in nature outside of Chicago.
