Phishing: How to Identify Red Flags


Phishing Explained defines phishing as: “a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.” Allowing hackers to gain such information may result in identity theft or financial loss, and we know neither of those are on your bucket list for 2023. So, what steps can you take to prevent it?

Social Engineering Red Flags

Let’s review the contents of an email and a few red flags you can decipher:

  • From
    • This email originates from someone inside your company, but is out of character
    • The sender’s email address is from a suspicious domain
    • The sender’s name and email address do not match
  • To
    • You received an email along with a mix of unusual email addresses
    • You were cc’d on an email sent by someone you don’t know
  • Hyperlinks
    • You hover over the hyperlink address and it links to a different address
    • The hyperlink is misspelled
    • The email is blank besides a hyperlink
  • Date
    • The email you received was sent at an odd hour
  • Subject
    • The subject doesn’t match the email content
    • The email is a reply to something you never requested
  • Attachments
    • The attachment doesn’t match the email content
    • The attachment includes a file that may be dangerous
  • Content
    • There are bad spelling errors
    • The email asks for you to look at an embarrassing picture of yourself or someone else
    • The email tells you that there is a negative consequence or that you could gain something of value

Hackers are constantly coming up with new techniques, but email phishing is still the most widely used attack today. Always use caution when opening emails from someone you don’t know or emails that look suspicious. And if you have any questions regarding the authenticity of an email’s message or attachments you should reach out to the sender directly for confirmation. To read more about phishing, check out our other blog Business Anglers Beware: The Phish Are Biting.

Recently, we partnered with HacWare to help lean IT teams combat today’s most advanced phishing attacks. Teach your team how to identify a phishing attack and what to do when they come across one. Learn more from our press release.

Related Resources