Updated on November 13, 2024.
Common indicators of a phishing attempt include warnings from your email service provider, urgent or threatening language, too-good-to-be-true offers and more. According to IBM, phishing is the catalyst for 41% of cyber attacks, leading to malware infections, account takeovers, fraud and identity theft.
Continue reading to learn what phishing attempts are, how to spot them and ways you can protect yourself from falling victim to phishing attacks.
What is a phishing attempt?
A phishing attempt occurs when a threat actor tries to trick you into sharing sensitive information through emails, texts or phone calls. In these attempts, threat actors may display a sense of urgency and pretend to be someone you know or a company you have an account with to gain your trust. If you unknowingly provide the threat actor with sensitive information, they can use it for malicious purposes, such as to compromise your online accounts, steal your money or even steal your identity.
8 common indicators of a phishing attempt
There are many signs that a virtual interaction is actually a phishing attempt, including warnings from your email service provider, spelling or grammatical errors and requests for personal information.
1. Warning from your email service provider
Since phishing has become more common, many major email service providers, including Gmail, now feature built-in warnings about suspicious emails that could be phishing attempts. When your email service provider suspects that an email you’ve received may be a phishing attempt, you will see a warning message informing you that the message appears dangerous and suggesting that you report it.
2. Urgent language
Phishing attempts often contain language that displays a sense of urgency. Threat actors use urgent language in their messages because they want you to act as quickly as possible, before you have time to second-guess your decision to share personal information.
For example, a phishing text message, also known as smishing, may say something like, “Act now, or your account will be deactivated. Click on the link below to update your login information.” If you click on the link provided in the text message, your device may become infected with malware, or you may be taken to a spoofed website that looks legitimate enough for you to enter your login credentials. However, by entering your information into the spoofed site, you’re handing over access to your account, which a threat actor can then use to compromise your legitimate account.
3. Threat of dire consequences
Phishing attempts will typically threaten you with dire consequences, influencing how quickly you share personal information with a threat actor. Using the example mentioned previously, the threat of your account being deactivated is a dire consequence, especially if the account contains sensitive information like your finances. However, threat actors can take these threats to another level – even threatening you with arrest if you don’t pay them a certain amount of money within a specific timeframe.
Even though these consequences are fabricated by the threat actors, many people believe they will face severe consequences if they don’t follow the instructions in an email, text or call. By listening to a threat actor and sharing your personal information, you may fall for the phishing attempt and likely suffer financial consequences or risk having your identity stolen.
4. Too-good-to-be-true offers
If you ever receive an unsolicited message with an offer that seems too good to be true, it is likely part of a phishing attempt. When threat actors execute their phishing attempts, they know exactly what to say to convince you of their authority, leading you to fall for their scams. Before you click a link or buy anything from an email or text message offer that seems too good to be true, investigate further so you don’t take an action that could harm you and jeopardize your data or finances.
5. Misspellings and grammatical errors
Another common indicator of a phishing attempt is when a message includes misspellings and grammatical errors. This is especially true if you receive an email that claims to be from a company you have an account with. Before legitimate companies send out emails to customers, each message goes through multiple rounds of review to ensure there are no errors. If you receive an email claiming to be from a company and you notice errors, it’s best not to click on anything in the email because it could be a phishing attempt. However, it is becoming harder to tell the difference between legitimate emails and phishing attempts because threat actors have started using Artificial Intelligence (AI) to quickly draft personalized phishing emails that contain no spelling or grammatical errors.
6. Unsolicited links and attachments
When you receive unsolicited links and attachments through email or text messages, this can be an indicator that the message is a phishing attempt. It’s worth checking if the links and attachments are safe before actually clicking them. You can check if a link is safe by hovering your mouse over it and previewing the URL to determine if the link matches what it claims to be. Another easy way to check a link’s safety is by copying and pasting it into a URL checker. Check that an unsolicited attachment is safe by verifying who the sender is, avoiding attachments marked as spam and using antivirus software to scan attachments.
7. Requests for personal information
As phishing attempts have gotten more sophisticated over the years, some threat actors have even started spoofing phone numbers to appear as if they’re coming from phone numbers you have saved in your contacts. If you receive an email, text message or phone call from someone claiming to be a company or person you know, think twice before giving out your personal information, especially if you didn’t initiate the conversation. Most legitimate companies will not reach out to you unless you initiated the interaction, so no one should request any personal information from you without reasonable cause.
8. Discrepancies in email addresses and domain names
Another indicator of a phishing attempt is when an email address and domain name don’t match the person or company the sender claims to be. For example, if you receive an email claiming to be from your bank but the domain name isn’t the official bank name, this is a sign of a phishing attempt. Companies typically have official domain names, so if the email address claiming to be a company doesn’t match, someone may be impersonating your bank to try to steal your money or gain access to your financial information.
How to protect yourself from phishing attempts
As technology advances, threat actors are becoming more inventive in the cyber attacks they create, so it’s important to know how to stay protected from phishing attempts. Here are a few ways to protect yourself.
Use strong passwords on your accounts
The first things threat actors try to compromise are your online accounts, so it’s important that each one is guarded with a strong password. Your online accounts are valuable to threat actors because they contain Personally Identifiable Information (PII), such as your credit card numbers, home address and date of birth. Make sure that each one of your accounts is secured with a strong, unique password so it’s harder for cybercriminals to gain access. Each account should be protected with a password containing at least 16 characters and a combination of uppercase and lowercase letters, numbers and symbols. It can be difficult to come up with strong, random passwords on your own, which is why you should use a password or passphrase generator.
Enable Multi-Factor Authentication (MFA) on your accounts
Your accounts should not only be protected with strong passwords, but they should also have MFA enabled whenever possible. MFA is a security measure that requires an additional form of authentication before you can access your account. When enabled, MFA requires you to provide one or more forms of authentication in addition to your username and password. Even if you fall for a phishing attempt and give a threat actor your credentials, having MFA enabled would prevent them from compromising your account since they can’t verify their identity.
Check links before clicking them
If you receive an unsolicited link, you must confirm that it is safe before clicking on it. Here are two ways to check if a link is safe:
- Hover your mouse over the link: Hovering your mouse over a link will reveal the actual website address that it will direct you to when you click it. If something about the website address looks suspicious, do not click on the link, as you may trigger a malware infection.
- Use Google’s Transparency Report: Google Transparency Report is a free tool you can use to check if a URL is safe. Simply copy and paste the link into the report, which will tell you whether it’s safe to click.
Use antivirus software to scan email attachments
Antivirus software is a type of program you install on your device that detects, prevents and removes known viruses and malware. Some antivirus software can also scan email attachments that you receive. When antivirus software detects that an attachment contains a virus, it removes the virus, preventing it from infecting your device.
Don’t respond to requests for personal information
You should never respond to sudden requests for personal information. Companies you have accounts with, such as your bank, will never randomly contact you to confirm credit card details. The only time a company will request personal information is if you were the one who initiated contact.
Reach out to the company or individual through another form
Whenever you receive an email, text message or phone call that makes you question its legitimacy, contact the individual or company directly through another method of communication. For example, if you receive a text from someone claiming to be your boss, send your boss an email to confirm if they actually sent you the text. If they say the message isn’t from them, then you know the text message was a phishing attempt.
Be vigilant in spotting phishing attempts
Falling for a phishing attempt can damage your device, jeopardize your data and compromise your privacy. It’s important to know how to spot phishing attempts, such as by detecting urgent or threatening language, noticing spelling or grammatical errors and evaluating the safety of any links or attachments. To stay protected from phishing attempts, the most important step is to use strong passwords on your online accounts. You can create, update and store your passwords in a password manager like Keeper®.
Start your free 30-day trial of Keeper Password Manager to secure your online accounts and protect yourself from phishing attempts.