Protect Yourself from Email Spoofing
Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email account. For example, see the image above. An email is coming from “Mark Adams” but upon a closer look, the actual email address is hacker@gmail.com.
This requires us, as employees, to remain vigilant and on the look out for potential spoofing. On a computer, we can hover the cursor over a display name to see the actual email address. On a mobile device, it may require us to fully expand the message information.
Tip 2: Look but don’t click
Cybercriminals love to embed malicious links in legitimate-sounding copy. Hover your mouse over any links you find embedded in the body of your email. If the link address looks weird, don’t click on it. If you have any reservations about the link, use the Phish Alert Report in Microsoft Outlook.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don’t give up personal or company confidential information
Most companies will never ask for personal credentials via email--especially banks. Likewise, most companies will have policies in place preventing external communications of business IP. Stop yourself before revealing any confidential information over email.
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or ask you to action an “urgent payment request.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. Check for them!