Five Ways to Identify a Phishing Attack

February 25, 2019


Phishing attacks are becoming more sophisticated and convincing, causing their victims to face extreme losses in their businesses. In fact, in 2017, 76 percent of organizations said they experienced phishing attacks. These scams are more common than you think and need to be considered a top priority when it comes to mitigating business risks. But what are phishing attacks, and how can you identify them?

A phishing attack is when a cybercriminal pretends to be someone they are not via email to extract sensitive and confidential information about you and your business. These attacks can be extremely detrimental, potentially causing you to lose your business.

A cyber predator can attempt to steal confidential information form you by eliciting fear, curiosity and a sense of urgency. The criminal will input a direct call to action in the email, highly encouraging you to open or click on an “attachment.” This “attachment” or “link” will be the entryway for the cybercriminal to steal your information. Fortunately, there ways you can identify phishing attacks before they steal confidential information. You can help protect your business by knowing these five tactics scammers commonly use.

1. The email is sent from a public email address. Look at the sender’s email address, as this can help identify if the person is truly who they claim to be. Criminals often use a public email address such as Also, check the spelling of the domain to ensure it is familiar to you. A slight change in the domain can be easily overlooked.

2. Strange attachments. If you receive an unexpected email or an email from someone you don’t know asking you to open an attachment, do not open it. These attachments can contain malware — software that can harm your computer and capture your personal data.

3. Sense of urgency. The cybercriminals can create a sense of urgency by warning you that your account has experienced suspicious activity or an invoice is due. These are warning signs. Never use any contact details or click any links provided in the email.

4. Links to unrecognized sites or URLs that misspell a familiar domain name. Phishing emails may ask you to click a link within the email. By hovering your mouse over the link or address, you can see the linked site’s true URL. These URLs can be slightly misspelled or completely different than what you are expecting, so always double check before you click.

5. Poor spelling and grammar. You can often detect a phishing email by how it is written. The writing style might be different and usually contains spelling mistakes and poor grammar.

Understanding these five tactics is crucial to protecting your organization from phishing attacks. However, training your employees to adhere to these prevention methods is even more important. Protecting your organization is an all hands-on deck practice and should be taken seriously. Is your business aware of ways to identify catastrophic phishing attacks?