Phishing is a form of cybercrime that targets individuals by sending deceptive emails, with the goal of tricking recipients into revealing sensitive information, such as login credentials or financial information. The attackers often impersonate trusted entities, like banks, service providers, or colleagues.
Common Warning Signs of Phishing Attacks:
Suspicious sender address: Check the sender's email address carefully. Attackers often use addresses that resemble legitimate ones but contain subtle differences, such as misspellings or replaced characters.
Urgent or threatening language: Phishing emails often use urgent language, such as "immediate action required," or make threats like "your account will be closed if you don't respond."
Generic greetings: Phishing emails may use generic salutations like "Dear customer" or "Dear employee" instead of addressing you by name.
Unexpected attachments or links: Be cautious of unsolicited emails containing attachments or links, as they may lead to malicious websites or contain malware.
Spelling and grammar errors: Phishing emails may contain spelling or grammar mistakes, which can be a sign of a hastily crafted or non-professional communication.
To protect yourself and your organization from phishing attacks, follow these best practices:
Verify the sender: If you receive an email from an unknown sender or one that appears suspicious, verify their identity by contacting them directly, via a means other than email. A phone call is best.
Don't click on unknown links or download attachments: Instead, hover your cursor over the link to reveal the destination URL, and verify if it leads to a legitimate website. If unsure, contact the sender through a known, trusted method.
Report suspicious emails: Check the box next to the email, and click the icon to Report spam (see image below) to help train Google’s spam filters to block similar emails in the future. As these malicious emails usually originate from a new email address each time, this is a much more efficient practice than simply blocking the email address it came from.
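The two manual checks described above (comparing the sender's address against the real one, and hovering over a link to see where it actually goes) can also be automated by a mail administrator. The following is an added example, not part of the original page; the function names, the trusted-domain list, the 0.85 similarity threshold and the sample message are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

TRUSTED_DOMAINS = {"mybank.example"}  # assumption: domains you really deal with
# Constructed sample header and body, not taken from a real message.
SAMPLE_FROM = '"MyBank Support" <support@rnybank.example>'
SAMPLE_HTML = ('<p>Dear customer, confirm your account at '
               '<a href="http://mybank.example.login.invalid/verify">'
               'https://mybank.example/verify</a></p>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering reveals vs. what is shown."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def lookalike_sender(from_header):
    """Return the trusted domain the sender's domain imitates, or None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    for trusted in TRUSTED_DOMAINS:
        # Near-identical but not equal: misspelling or swapped characters.
        if domain != trusted and SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def mismatched_links(html_body):
    """Return (shown text, real host) for links whose text names a different host."""
    parser = LinkCollector()
    parser.feed(html_body)
    bare = lambda host: host[4:] if host.startswith("www.") else host
    flagged = []
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        actual = (urlparse(href).hostname or "").lower()
        if shown and actual and bare(shown.group(1)) != bare(actual):
            flagged.append((text, actual))
    return flagged
```

In the sample, the sender domain swaps "m" for "rn", and the link text shows the bank's address while the href points to a different host that merely starts with the bank's name.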