Common indicators of a phishing attempt include warnings from your email service provider, urgent language, threat of dire consequences, too-good-to-be-true offers and more. Continue reading to learn what to look for to spot phishing attempts and how to keep yourself protected.
What Is a Phishing Attempt?
A phishing attempt is when a threat actor emails, texts or calls you to persuade you to provide them with sensitive information. Threat actors will display a sense of urgency and pretend to be someone you know or a company you have an account with so you’re easily convinced to provide them with your personal information. When you unknowingly provide the threat actor with your information, they use it for their own malicious purposes like compromising your online accounts, stealing your money or even stealing your identity.
8 Common Indicators of a Phishing Attempt
Here are eight common indicators of a phishing attempt.
1. Warning from your email service provider
As phishing has gotten more common, some email service providers have started providing users with built-in warnings about apparent phishing attempts. One email service provider that has started doing this is Gmail.
When your email service provider suspects that an email you’ve received could be a phishing attempt, your email displays a warning message. The warning may look something like the image below.
2. Urgent language
Phishing attempts will often contain language that displays a sense of urgency. This is because the cybercriminal wants the targeted victim to act as quickly as possible so they don’t second-guess themselves when sending their personal information.
For example, a phishing text message, also known as smishing, may say something along the lines of, “Act now or your account will be deactivated. Click on the link below to update your login information.” The smishing text will also provide you with a link to click. If you click on the link, your device will become infected with malware or you’ll be taken to a spoofed website that looks legitimate. When you enter your credentials into the spoofed site, you’re providing the cybercriminal with your credentials which they can then use to compromise your legitimate account.
3. Threat of dire consequences
Phishing attempts will also threaten you with dire consequences. Using the example mentioned previously, your account being deactivated is a dire consequence. However, most of the time cybercriminals threaten even more serious consequences like saying you’ll be arrested if you don’t pay them a certain amount of money in a specific timeframe.
While the alleged consequences aren’t true, many people believe they are. They fall for the phishing attempt, and in the process, suffer financial consequences or risk having their identity stolen because of the information they’ve provided the cybercriminal.
4. Too-good-to-be-true offers
If you ever receive an unsolicited message with an offer that seems too good to be true, it might be exactly that. When cybercriminals execute their phishing attempts, they know exactly what to say so that the victim is easily convinced and falls for the scam.
Before deciding to click a link or buy anything from an email or text message offer that seems too good, investigate further before taking any actions that could hurt you and jeopardize your data.
5. Misspellings and grammatical errors
Another common indicator of a phishing attempt is when the message includes misspellings and grammatical errors. This is especially true if it’s an email that claims to be from a company you have an account with.
Before companies send out emails to customers, they go through multiple rounds of reviews to ensure there are no errors. If you receive an email claiming to be a company and you notice errors, it’s best to not click on anything in the email because it could be a phishing attempt.
6. Unsolicited links and attachments
When you are sent links and attachments through email or text messages that you never asked for, this can also be an indicator that the message is a phishing attempt. It’s worth checking if the links and attachments are safe to click on before actually clicking them.
7. Requests for personal information
Sudden requests for personal information are also a common phishing attempt indicator. If you receive an email, text message or phone call from an unknown number claiming to be a company or someone you know, think twice before giving out your personal information, especially if you weren’t the one who initiated the conversation.
As phishing attempts have gotten more sophisticated over the years, some cybercriminals have even started spoofing phone numbers to make it seem like they’re coming from a number you have saved in your contacts. Cybercriminals have also started using AI to quickly draft personalized phishing emails.
8. Discrepancies in email addresses and domain names
Another phishing attempt indicator is when an email claiming to be from a boss, coworker or company has an email address and domain name that don’t match who they claim to be. For example, if you receive an email claiming to be your bank and their domain name isn’t the official bank name, then this should be a red flag for you. Companies will often have official domain names, so if the email address claiming to be a company doesn’t match up, this is a phishing attempt indicator.
How to Protect Yourself From Phishing Attempts
Here are some tips to protect yourself from falling victim to phishing attempts.
Use strong passwords on your accounts
Because phishing attempts have gotten more sophisticated, there’s a chance that you might fall victim to one accidentally. In case you do, you want your accounts to already be secured. Usually, the first thing cybercriminals try to compromise is your online accounts because they contain personal information such as your credit card numbers, home address and date of birth. Make sure that each one of your accounts is secured with a strong and unique password so it’s harder for cybercriminals to gain access.
It can be difficult to come up with strong passwords on your own for each of your accounts, so we recommend using a password manager to help you create and store them in a secure place.
Enable multi-factor authentication on your accounts
Your accounts should not only be protected with strong passwords, but they should also have Multi-Factor Authentication (MFA) enabled whenever possible. MFA is a security measure that can be added to most accounts. When enabled, MFA requires that the user provide one or more forms of authentication in addition to their username and password.
In the case that you were to fall for a phishing attempt and reveal the login credentials to one of your accounts, having MFA enabled would prevent a cybercriminal from being able to compromise the account since they won’t be able to verify who they are.
Check links before clicking them
It’s a cybersecurity best practice to never click on unsolicited links. Even if you believe that a link you were sent is safe, it’s still important to confirm. There are two ways you can check if a link is safe.
Hover your mouse over the link: Hovering your mouse over a link will reveal the actual website address that it’ll direct you to when you click it. If something about the website address looks off, it’s best not to click it as it’ll most likely lead you to a spoofed site or trigger a malware infection.
Use Google’s Transparency Report: Google Transparency Report is a free tool you can use to check the safety of a URL, otherwise known as the website address. All you have to do is safely copy the link and paste it into the transparency report, and it’ll let you know if the link is safe to click.
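As an added example (not part of the original article), the sender-domain discrepancy from indicator 8 and the hover check described above can be automated: compare the sender's domain with the one the organisation is known to use, and compare each link's visible text with where it actually points. The KNOWN_DOMAINS list, the sample message and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: a personal list of known domains, and a constructed sample message (reserved test domains).
KNOWN_DOMAINS = {"example bank": "bank.example"}
SAMPLE = """From: Example Bank <alerts@bank-example-secure.test>
Subject: Act now or your account will be deactivated
Content-Type: text/html

<p>Update here: <a href="http://login.account-update.test/reset">https://www.bank.example/login</a></p>
"""

def host_matches(host, domain):
    # Exact match or true subdomain; "evilbank.example" must not pass for "bank.example".
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # (href, visible text) per <a>: what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_discrepancies(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings, parser = [], LinkCollector()
    expected = KNOWN_DOMAINS.get(name.strip().lower())
    sender_domain = addr.rpartition("@")[2].lower()
    if expected and not host_matches(sender_domain, expected):
        findings.append(f"sender domain {sender_domain} is not {expected}")
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        target = urlsplit(href).hostname
        if shown and "." in shown and target and shown != target:
            findings.append(f"link shows {shown} but goes to {target}")
    return findings
```

An empty result only means these two discrepancies were not found; a From address can be forged, so a matching domain does not prove the message is legitimate.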
Use antivirus software to scan email attachments
Antivirus software is a type of program you install on your device that prevents, detects and removes viruses and malware. Some antivirus software comes with the ability to scan email attachments that you’re sent. When antivirus software detects that an attachment has a virus, it removes it – preventing it from being able to infect your device.
Don’t respond to requests for personal information
You should never respond to sudden requests for personal information. Companies you have accounts with–like your bank–will never contact you out of nowhere asking you to confirm credit card details, so never respond to these sudden requests for personal information. The only time a company will request personal information is if you were the one who initiated contact.
Reach out to the company or individual through another form
Whenever you receive an email, text message or phone call that makes you question whether or not it’s legitimate, contact the individual or company directly through another method of communication. For example, if you receive a text from someone claiming to be your boss, send your boss an email or message through your work messaging platform and confirm if they actually sent you the text. If they say the message isn’t from them, then you just avoided becoming a phishing victim.
Be Vigilant in Spotting Phishing Attempts
As phishing attempts rise, it’s important you understand what they are and how to spot them, so you can protect yourself and your data.
To start securing your online accounts, start a free 30-day trial of Keeper Password Manager. An added benefit to password managers is they won’t autofill your credentials on websites they don’t recognize, which means if you click on an unsafe link that redirects you to a spoofed website, your password manager will know and so will you.
Aranza Trevino is the Senior SEO Content Specialist at Keeper Security. She is an experienced cybersecurity trend and data analyst who continues to gain industry knowledge to educate readers through her blog efforts. Aranza’s blogs aim to help the public and businesses better understand the importance of password management, password security and staying protected against cyber threats. Aranza has a B.S. in digital marketing from DePaul University.