Are you getting scammed? 10 tips for spotting phishing emails.

1. Subject lines

Be wary of subject lines with terms like “Account has been suspended” or “Unauthorised transaction / login”. These are scare tactics to trick recipients into acting immediately.

 

2. Email address

Check the email address in the header's From field. Fraudsters tend to use free email accounts and tag them with a company name (e.g. ABCcompany@yahoo.com).

 

3. Subdomains

Look at any domain names contained within the email. A genuine subdomain of a website appears on the left side of the company's domain in the URL, e.g. subdomain.officialcompanyname.com or help.ABCcompany.com. Some phishing attackers disguise their website as a subdomain of a credible company. However, because their website is not a subdomain of that company, the attacker's own domain appears on the right side of the URL, with the company name moved to the left, e.g. officialcompanyname.maliciouswebsite.com or ABCcompany.help.com.

 

4. Veiled threats

Phishing attacks tend to use threats to frighten recipients into acting quickly. These emails will contain a call to action and terms like the following: “your account will be closed”, “your account has been compromised”, “urgent action is required”, “we suspect an unauthorised transaction on your account”. These terms are used as a fear tactic to trick recipients into clicking on links or providing personal information that can be used for identity theft.

 

5. Generic salutations

Most phishing attacks address the recipient using generic terms (e.g. “Dear Customer”).

 

6. Errors within the email content

Scan the email content for spelling and grammatical errors and poor graphics. Official emails are usually proofread, so such mistakes tend to be kept to a minimum.

 

7. Requests for personal information

Some phishing attacks include a specific call to action requesting personal information such as your password, bank account or credit card details. You should not provide such confidential information through email.

 

8. Mismatched URLs

Hover your mouse over any links contained within the email. Check whether the hover text (the link's actual destination) matches what is stated in the link text.
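The checks in tips 3 and 8 can also be applied to an email's HTML body automatically. The Python below is an added example, not part of the original article: it flags links whose visible text names a different host than the real destination, and links whose host is neither the official domain nor a subdomain of it. The function names, flag strings and sample body are assumptions made for illustration; the domains are the article's placeholder names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a URL or bare domain; group 1 captures the host.
URLISH = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?$", re.I)

def is_official(host, official):
    # Tip 3: the official domain must be the right-hand end of the host name.
    return host == official or host.endswith("." + official)

class LinkExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body, official):
    """Return [(href, [flags])] for each <a> link in an HTML email body."""
    parser, report = LinkExtractor(), []
    parser.feed(html_body)
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").rstrip(".")
        shown, flags = URLISH.match(text), []
        if shown and shown.group(1).lower() != host:
            flags.append("text-href-mismatch")   # tip 8
        if not is_official(host, official):
            flags.append("not-official-domain")  # tip 3
        report.append((href, flags))
    return report

# Constructed sample body using the article's placeholder domains.
SAMPLE = """
<a href="https://help.abccompany.com/reset">https://help.abccompany.com/reset</a>
<a href="http://abccompany.help.com/login">www.abccompany.com/login</a>
<a href="https://abccompany.maliciouswebsite.com/">Verify your account</a>
"""

if __name__ == "__main__":
    print(*check_links(SAMPLE, "abccompany.com"), sep="\n")
```

The host comparison in the tip 8 check is exact, so link text showing www.abccompany.com over a link to abccompany.com is also reported and needs a manual look.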

 

9. Redirected spoofed websites

Scrutinise the links included in the email carefully. Do they seem credible? The safest thing to do is to open a new tab and manually key in the website’s URL to be sure you’re not redirected to a spoofed website.

 

10. Email signature

Does the email contain a signature that states various ways of contacting the sender? Most companies make a habit of including email signatures with various contact details.

 

Did this information come a tad too late for you? Have you been phished? Find out what you should do now.

Author

Nora Fong
