4 Simple Questions You Should Ask to Identify Phishing Emails
What happens when you receive an email from an unknown source with a tempting subject or text that creates a sense of urgency? Do you follow the instructions right away, or take a moment to assess the email’s authenticity? What are the 4 simple questions you should ask to identify phishing emails?
A report by Google highlights that every day Gmail blocks more than 100 million phishing emails. Imagine that volume of phishing emails spamming your inbox and feeding on your vulnerability every day. Despite this huge figure, many still fool Gmail's spam protection and flood your inbox with fraudulent messages, swindling you of your money and peace of mind.
While many would argue that responding to such suspicious emails is dangerous, the temptation to see what lies on the other side is hard to resist. It is this impulse, or concern, that leads people to click on emails that seem to come from trustworthy sources and raise an alarm of some sort if action is not taken instantly. Whether the urgency relates to updating your login credentials, updating KYC, or taking action on your bank savings, most such emails have no genuine grounds and are meant to harvest your sensitive information.
But what do you do if such emails masquerade as coming from legitimate sources, hiding in plain sight to gain remote access to your system and infect it with malware, only to steal your confidential information?
More so, what do you do when your own employees knowingly or unknowingly compromise your system and cause a sensitive data leak? While human resources are considered a strong force, they are also the weakest link in your security. A security breach can impact the finances as well as the reputation of a company. Phishing emails exploit this human tendency toward temptation in an organization and feed on its employees' vulnerabilities. A report by Forbes suggested that insiders were responsible for 36% of the total data thefts, both intentionally and unintentionally. A security system crippled by its own people through phishing fraud has implications worse than any other cyber-attack.
Cyber-criminals are staying ahead of cutting-edge systems, bringing sophisticated attacks in myriad forms. Phishing emails are the most common source of attacks and ransomware on a company. With their rising popularity among cyber attackers, they are increasingly used to extort money or cause reputational loss to an individual or an organization.
While this issue is a major security hazard, the ‘STOP’ solution comprises 4 simple questions that you should ask yourself, and teach your employees to ask, whenever you receive an email that asks you to disclose your personal details. When followed diligently, this can avert the danger of phishing emails.
Let’s walk you through the questions one at a time:
S: Does this email look Suspicious?
The moment you receive an email, look for hidden identifiers that can reveal its true nature. These may include grammatical errors, spelling mistakes or suspicious email IDs. Legitimate businesses have automated systems for checking email subjects and text, and almost never commit an error as naïve as bad grammar or wrong spelling. Hence, your first and most important suspicion can arise from identifying these elements.
T: Is this email Telling me to click a link?
Never will a legitimate business or organization, be it public or private, ask you to click on a link in an email and enter your login credentials. If your login credentials have expired or need an update for some reason, they would ask you to visit the official website and access your account there.
Hence, an email with a link that asks you to take action through it is suspicious in itself, and you must delete the email right away without taking any action. However, if you do have a concern regarding the issue raised in the email, you can contact the company in person or using the phone number listed on their official website.
O: Is this email Offering something extraordinary?
Businesses do have loyalty programs that give their clients good deals, discounts, and occasional offers, but never anything extraordinary. Moreover, if they have an offer that sounds tempting, it should be mentioned in your official account too. To confirm the offer, you can also call that business's customer care using the number on their official website. But refrain from taking action through the links or phone numbers provided in the email.
P: Is this email Pushing me to do something in haste?
No business would set a tight deadline without prior notice for an action such as claiming an offer or discount, updating KYC, applying for a job, etc. So, if you receive an email that pushes you to take immediate action and conveys urgency, treat it with heightened vigilance and do not respond through the email.
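The four questions can also be applied as an automated first pass over a mailbox. The sketch below is an added example, not part of the original article: the sample message, the keyword lists and the trusted-domain set are constructed assumptions, and the S check covers only the sender address (spelling and grammar checks would need a dictionary).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.test>
Reply-To: claims@other-mailbox.test
To: user@example.org
Subject: Urgent: update your KYC within 24 hours
Content-Type: text/plain

Dear custmer, your acount will be suspended. You have won a free gift.
Click here immediately to verify your password: http://examp1e-bank.test/login
"""

# Hypothetical keyword lists; tune them to your own mail flow.
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)
CREDS = re.compile(r"\b(password|login|credentials|kyc|verify)\b", re.I)
OFFER = re.compile(r"\b(won|winner|free gift|lottery|prize|reward)\b", re.I)
PUSH = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|final notice)\b", re.I)

def stop_check(raw, trusted_domains):
    """Return a dict mapping each STOP letter to True when that question is raised."""
    msg = message_from_string(raw)
    # Collect every text part so multipart messages are covered as well.
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text"
    )
    text = f"{msg.get('Subject', '')}\n{body}"
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    return {
        # S: unknown sender domain, or replies routed to a different domain
        "S": sender_domain not in trusted_domains
             or bool(reply_domain and reply_domain != sender_domain),
        # T: a link appears together with a request for credentials
        "T": bool(LINK.search(text) and CREDS.search(text)),
        # O: too-good-to-be-true offer wording
        "O": bool(OFFER.search(text)),
        # P: deadline or threat wording
        "P": bool(PUSH.search(text)),
    }

def stop_letters(raw, trusted_domains):
    """Compact summary: the STOP letters that were flagged, in order."""
    return "".join(k for k, hit in stop_check(raw, trusted_domains).items() if hit)

if __name__ == "__main__":
    print(stop_letters(SAMPLE, {"example-bank.test"}))
```

A message that raises any letter is a candidate for manual review or quarantine; keyword matching like this will miss well-written lures, so it complements rather than replaces the reader's own judgment.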
Proceed With Caution
Phishing emails are consistently expanding their dangerous territory and have thus become an unavoidable threat in the digital age. Your best protection from such scams is to err on the side of caution and use the STOP technique every time you find something sketchy in your inbox.
STOP - Suspicious, Telling, Offering, Pushing
Remember, a genuine company would never ask you to share your confidential, sensitive, personal information via insecure channels such as email. If the message that a legitimate business is trying to convey is truly important, they would attempt to contact you through verified methods like telephone, without extracting your personal details.