How to Spot a Phishing Email: The Telltale Signs

As one of the most common cybercrimes in existence, phishing is nothing to take lightly. It’s a common misconception that only the most vulnerable people fall for phishing attacks. In reality, they can happen to even the most computer-savvy people among us.

Today’s identity thieves run more sophisticated operations than ever, often with entire teams working together to create well-orchestrated attacks. These groups specifically target employees who work at companies that handle sensitive data, such as consumer banking, insurance and healthcare businesses – and the third-party businesses, like Venture, who serve them.

As a large portion of our clients work in industries that are at risk for phishing attacks, the data security team at Venture Solutions continually monitors the latest phishing tactics and stays two steps ahead of the scammers. Protecting your personal information is a top priority for our experts, and providing education is the first step towards securing your data. Learn how to spot a phishing email before you become a victim.

What to Look Out For

Staying vigilant when it comes to your personal email account is the best way to stop a phishing attack before it happens. Here are some of the ways to protect your data:

  • Know that email spam filters can’t catch everything. Phishers may send an uninfected Word or Excel attachment that looks perfect but contains a link to a disguised malware download page, placed there for you to click after your guard is down.
  • When you see an email that asks for any type of personal information, or directs you to a page asking for it, practice extreme caution. Look at the URL (without clicking!) for any pages the email links to, in order to be certain it is directing you to an authoritative website. Look carefully! Links to fake websites can be made to look very real, especially in small type. Note the difference between: : and– now imagine you read that in a hurry, not expecting anything to be wrong with it. If you do click the link, look for the padlock symbol in the URL box; this indicates your connection to a website is secure.
  • If the email is asking for personal information via a reply or login box within the email itself, play it safe and ignore the request. Legitimate companies don’t request personal information using such an informal process. You can always surf to the website in your browser, or from a link saved in your “Favorites”.
  • Watch out for “Urgent messages” saying your account will be closed or locked if you don’t reply. These are scare tactics that phishers use to intimidate or frighten their targets. An email may say you need to provide your login credentials to unlock an account, but the sender is actually trying to play on your fears to get your information. Using the website’s contact information, email the website administrator directly in a separate message to see if the request is actually from them.
  • Be wary of emails that seem legitimate because they use your name, your job role, the public part of an account number with the other part masked (e.g., “###-##-4352”), your birthdate or any other personal details that seem impossible to obtain. There is no telling how the sender received that information, and it doesn’t make them more trustworthy. This tactic is known as spearphishing, and it’s one of the most effective ways to dupe people.
  • Certain PDF attachments can look completely legitimate, even after you open the file. This is a tactic phishers use to create a false sense of security, and it may be the first step before leading you to a page that requests additional information.
  • Know that your cell phone is a target for scammers. In a tactic known as SMiShing, unsuspecting victims receive a text message along the lines of, “This message is to confirm your subscription to our service. Your monthly recurring fee of $10 is effective immediately. To cancel your order visit:” In truth, there is no fee and the link leads somewhere dangerous.
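
Several of the signs above can be checked mechanically before a message reaches a reader. The following is an added example, not Venture's own filtering code: it flags urgent wording, requests for personal information, link text that names one site while the link goes to another, and near-miss spellings of a trusted domain. The domain names, phrase lists and 0.85 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.example"}  # assumption: sites the reader really uses
WORDING = {  # assumption: short illustrative phrase lists
    "urgency": re.compile(r"\b(urgent|immediately|will be (closed|locked))\b", re.I),
    "asks-for-personal-info": re.compile(r"\b(password|login credentials|account number)\b", re.I),
}
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.I)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL or bare "domain/path", without "www."
    name = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return name.lower().removeprefix("www.")

def phishing_signs(html_body):
    text = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for wording checks
    signs = {name for name, rx in WORDING.items() if rx.search(text)}
    parser = Links()
    parser.feed(html_body)
    for href, shown in parser.links:
        target = host(href)
        if URL_LIKE.match(shown) and host(shown) != target:
            signs.add("link-text-mismatch")  # text names one site, link goes elsewhere
        for good in TRUSTED - {target}:
            near = SequenceMatcher(None, target, good).ratio() > 0.85
            if near and not target.endswith("." + good):
                signs.add("lookalike-domain")  # almost, but not, a trusted name
    return signs

# Constructed samples, not real messages.
PHISH = ('<p>URGENT: your account will be locked. Confirm your password.</p>'
         '<a href="https://examp1ebank.example/verify">www.examplebank.example/login</a>')
CLEAN = '<a href="https://www.examplebank.example/statements">View statement</a>'
```

Calling `phishing_signs(PHISH)` reports all four signs, while `phishing_signs(CLEAN)` reports none. A message that passes these checks is not proven safe; as the first point in the list says, filters can't catch everything.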

How We Help

Employees at companies that utilize Venture Solutions receive at-hire and annual training for identifying even the most clever phishing attacks. We take a proactive approach to ensure that sensitive data stays where it belongs. A single attack on an individual can lead to data theft on a company-wide scale, so it is essential that our clients understand the lengths people will go to deceive them.

Earlier this year, we implemented a program that tested our employees’ ability to spot a phishing attack and avoid becoming a victim. We sent out emails that appeared to be legitimate requests for information. These emails utilized a professionally designed layout, authentic credentials and even personal information only the sender, recipient and trusted contacts would know. The goal was to show the sophistication of today’s phishing attacks and how deceptive they really are.

Of course, the emails were perfectly safe. Clicking on a link in the contents led to a training video that outlined phishing attack threats. Had the email not been a test, there may have been a different outcome: it could have presented a big risk for our clients’ compliance posture.

Further Precautions

You don’t have to go it alone when it comes to data security. Venture Solutions is at the forefront of phishing protection. Besides extensive training and testing, both Venture and our clients utilize our data protection services to filter out potential phishing emails before they reach the inbox.

There may be no way to stop 100% of dangerous emails, but our clients have Venture’s phishing experts on their side to monitor and combat the evolving threat. There is a constant arms race between internet criminals and those tasked with stopping them. Until phishing is no longer a threat, we will continue to protect our clients from deceptive emails.

About the author

Information Security Officer

David joined Venture Solutions in 2001. In his current role as information security officer, David manages compliance of information security policies at Venture’s Dallas-Fort Worth, TX facility. He coordinates and facilitates client audits and manages remediation of audit findings. David is also responsible for testing and training of security processes and he creates and amends policy documents to reflect changing environments and requirements. In total, David has 13 years of experience in the areas of information security, communications security and encryption.