Identifying Phishing Red Flags
![Google Translate]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1746109842/csdnborg/zesxmdj1pv7nrwtojvds/altLogo.jpg","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1746109842/csdnborg/zesxmdj1pv7nrwtojvds/altLogo.jpg","width":383}])
Identifying Phishing Red Flags
Phishing is when a cybercriminal sends a message in an attempt to gain access to sensitive information or get you to take a dangerous action, such as opening a malicious link or downloading an attachment.
Phishing attacks can happen to anyone at any time. Knowing how to identify and respond to phishing attacks can prevent cybercriminals from stealing sensitive information and causing harm to you and your organization.
1. Stop and Think.
Cybercriminals want you to react without thinking first. They make urgent, threatening, or emotional requests to get you to act fast. They may try to appeal to your emotions by:
- Urging you to change your password immediately to protect your account
- Threatening you with consequences if you don’t make a payment right away
- Pretending to be a friend or family member who is in danger and needs money quickly
Stop and think before reacting to requests for sensitive information such as personal details, payment information, and login information.
2. Common Clues - warning signs that indicate a message is likely a phishing attempt.
Many phishing messages have common clues if you know what to be aware of.
Clue 1: Spelling Errors
Cybercriminals may send quickly-written emails with poor spelling or grammar, attempting to target as many people as possible. Pay attention to spelling or grammar errors in the email content. If the errors are unusual for the sender, this could be a red flag.
Clue 2: Suspicious Sender
Examine the sender's details by reviewing each character of the name, email address, or phone number. Do not engage with the message if you don’t recognize the sender or notice any slight variations to a trusted sender's address.
Clue 3: Unexpected Links and Attachments
Never open links that are unexpected or come from an unknown sender. Inspect all links carefully to verify their real destination is expected and trusted before opening them.
3. Sneaky Spelling
Cybercriminals can slightly change the spelling or punctuation of trusted emails or web addresses so they look real at first glance. Always verify the spelling of the sender’s address and any links by reviewing each character before taking action.
Inspect the spelling of each email address below. Can you find three ways the real email address was changed?
Real address:
kathy.smith@your.
Fake address:
kathy.smlth@
4. Mystery Links
Cybercriminals can hide a link’s true destination behind other text, so you need to know how to reveal a link’s actual address.
To determine where a link really takes you, hover over the link with your cursor, but do not click on it. Most browsers will display the link’s address at the bottom of the window.
If you come across a link you are unsure about on a mobile device, it’s safest to wait until you can verify the link on a computer.
Example:
Display link:
calendar.
Real link:
calendar-google.com
The link appears to lead to calendar.google.com, but it actually goes to calendar-google.com. The period after “calendar” was changed to a dash.