Protect yourself from phishing
Phishing (pronounced “fishing”) is a type of cyberattack designed to steal your money or personal identity. It does so by tricking you into sharing sensitive information, such as credit card details, banking credentials, or passwords, on websites disguised as legitimate ones. Cybercriminals often pose as trusted companies, friends, or acquaintances in deceptive messages that include links to these fraudulent sites.
Phishing remains a prevalent form of cybercrime due to its high success rate. Cybercriminals often exploit emails, text messages, and direct messages on platforms like social media or video games to deceive individuals into sharing their personal information. The most effective protection against phishing is staying informed and recognizing the warning signs.
Here are a few ways to recognize a phishing email:
Urgent requests or threats – Stay cautious of emails and Teams messages that insist you must click a link, make a call, or open an attachment right away. These often claim immediate action is required to secure a reward or avoid a penalty. Phishing attacks and scams frequently use this tactic to create a false sense of urgency, preventing you from taking the time to think critically or seek advice from someone you trust who might spot the deception.
First-time or infrequent senders, or senders flagged as [External] – Receiving an email or Teams message from someone for the first time, particularly if they are outside your organization, is not uncommon. However, it may indicate a phishing attempt. Take your time and proceed with caution in such situations. When you receive a message from an unfamiliar sender, or one that Outlook or Teams labels as a new contact, carefully scrutinize it using some of the guidelines provided below.
Spelling and grammatical errors – Reputable companies and organizations typically have dedicated editorial teams to ensure their communications are polished and professional. If an email contains noticeable spelling or grammar mistakes, it could be a scam. These errors might stem from poor translations from another language or, in some cases, may be intentional to bypass filters designed to block such attacks.
Generic greetings – Organizations that genuinely work with you will typically know your name, and personalizing emails is now quite straightforward. If an email begins with a generic salutation like “Dear sir or madam,” it could be a red flag, indicating it might not actually be from your bank or favorite shopping site.
Mismatched email domains – If an email claims to be from a trusted company, such as Microsoft or your bank, but it originates from a different domain—like Gmail.com or microsoftsupport.ru—it is likely a scam. Pay close attention to slight misspellings in the domain name as well. For example, “micros0ft.com” replaces the second “o” with a zero, or “rnicrosoft.com” swaps the “m” for an “r” and “n.” These subtle alterations are common tactics used by scammers.
Outlook displays a banner stating it could not verify the sender – This warning appears when Outlook detects something unusual in the email headers. It could be that the email failed authentication checks based on widely accepted internet standards, or the “From” field may contain information that deviates from industry norms to disguise the true sender and deceive the email server. Regardless of the specific issue, it’s essential to approach the email content with caution.
Suspicious links or unexpected attachments – If you suspect an email or Teams message might be a scam, avoid clicking on any links or opening any attachments. Instead, hover your mouse over the link (without clicking) to view the actual web address that appears. Check whether this address matches the one displayed in the message. For instance, hovering over a link might reveal the real web address, which could be a string of numbers that doesn’t resemble the company’s legitimate website. This is a common tactic used in phishing scams.
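
The checks described under “Mismatched email domains” and “Suspicious links or unexpected attachments” can also be applied automatically to a message. The Python example below is added here and is not part of the original article or of any Microsoft product; the TRUSTED list, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: the domains you actually expect mail from.
TRUSTED = {"microsoft.com"}
CONFUSABLES = (("rn", "m"), ("0", "o"))  # look-alike swaps named in the article


def skeleton(domain):
    """Fold look-alike characters so spoofed spellings collapse to the real one."""
    d = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def check_sender(from_header):
    """Return 'trusted', 'lookalike', 'brand-mismatch' or 'unknown'."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if skeleton(domain) in {skeleton(t) for t in TRUSTED}:
        return "lookalike"
    brands = {t.split(".")[0] for t in TRUSTED}
    if any(b in display.lower() or b in domain for b in brands):
        return "brand-mismatch"  # claims the brand, sent from another domain
    return "unknown"


def check_link(shown_text, href):
    """Compare what the message displays with where the link really goes."""
    host = urlsplit(href).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip-address"  # the "string of numbers" case
    except ValueError:
        pass
    text = shown_text.strip()
    if " " not in text and "." in text:  # displayed text is itself an address
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if shown and shown != host:
            return "mismatch"
    return "ok"


if __name__ == "__main__":  # constructed samples, not real messages
    print(check_sender("billing@rnicrosoft.com"))
    print(check_link("www.microsoft.com", "http://192.0.2.15/login"))
```

A "trusted" result only means the domain is spelled correctly; it does not show that the message passed the sender authentication checks behind the Outlook banner described above.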