TitanHQ Blog

Phishing Attack Prevention: How to Identify & Avoid Phishing Scams in 2021

Posted by Trevagh Stankard on Tue, Aug 31st, 2021

Phishing attacks are a common occurrence for businesses. With the astronomical rise in phishing scams in 2021, discover how to avoid phishing attacks.

You get an email in your inbox. It looks legitimate, sounds urgent and requires you to take some type of immediate action. Should you take it seriously or just click delete? Security-conscious professionals will tell you to always err on the side of caution and delete it. Yet there is an innate uncertainty that causes many people to take the email’s suggested action just in case. After all, it makes perfect sense that Netflix, PayPal or Bank of America would contact you, as you are a customer of theirs.

Believe it or not, there are more than 3 billion spoofing emails sent every day. While most email accounts are protected by some type of filtering security solution, a few still make their way through the system, and an end user is more inclined to believe a message is legitimate precisely because it made it into the inbox. Below we have compiled a few ways to identify and avoid phishing scams today.

Always Check the Sending Address


You need good bait to snag an unsuspecting email user with a phishing scam. While phishing emails a decade ago were interlaced with spelling errors and bad grammar, making them a dead giveaway, that isn’t so much the case today. Many phishing emails today include the actual company logo and corporate header in the body of the email. These graphics not only make the email look as official as possible, they also draw your attention away from the actual sender’s address. For instance, check out the example below. While the sender’s name announces IRS.Gov, the actual sender’s address clearly comes from a separate domain. However, the official seal of the IRS in the right-hand corner makes the user take notice of it, diverting their attention from the email header entirely. Note that the email contains both an attachment and an embedded link.

While the body of the email reads well and makes perfect sense, you don’t even have to waste time reading it if you first validate the sending address every time.  If for some reason you have an email client you are unfamiliar with and can’t find the email header, you can always hit the forward button.  The forwarding email will include the sender’s actual email address in the body of the email.

A bad sending address is sometimes hard to spot at first glance. For instance, the return address might be paypaal.com, in which the actual domain is off by one letter. Cybercriminals often purchase typosquatting domains of a popular domain name and then emulate its web site. Always read the sending email address carefully.
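
The two checks described in this section (a display name that claims one organization while the address sits in another domain, and a domain that is off by a letter) can be automated. The sketch below is an added example, not part of the original post; the trusted-domain list, function names and sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: domains of companies you really deal with (assumption).
TRUSTED_DOMAINS = ["irs.gov", "netflix.com", "paypal.com"]

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(address):
    """Last two labels of the host part (simplification: ignores suffixes like co.uk)."""
    host = address.rsplit("@", 1)[-1].lower().strip(".")
    return ".".join(host.split(".")[-2:])

def check_from_header(from_header):
    """Return a list of reasons the From header looks suspicious (empty if none)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["sender address could not be parsed"]
    domain = sender_domain(address)
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    # Typosquat check: the domain is within two edits of a trusted one.
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= 2:
            findings.append(f"{domain} is a lookalike of {trusted}")
    # Display-name check: the name invokes a trusted brand the address does not belong to.
    words = re.findall(r"[a-z0-9]+", display.lower())
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in words:
            findings.append(f"display name claims {trusted} but address is at {domain}")
    return findings

# Constructed sample headers, modelled on the two cases described above.
if __name__ == "__main__":
    for header in ['"IRS.Gov" <refunds@tax-notice.example>',
                   "PayPal <service@paypaal.com>",
                   "PayPal <service@paypal.com>"]:
        print(header, "->", check_from_header(header) or "no findings")
```

This only inspects the visible From header, the same thing a reader checks by eye; a multi-word brand such as Bank of America would need its own display-name rule.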

How do they know I am a customer?

You might wonder how they happen to know that you are a customer of a particular company. How do they know that you are expecting a package from a particular shipping company?  In most cases, they don’t.  Cybercriminals simply pump out millions of these emails impersonating global companies knowing that a certain percentage of users will indeed be actual customers.  If you do find yourself getting a lot of suspicious emails from internet companies that you frequently visit, your computer might be infected with spyware that is capturing all of your web traffic and forwarding it to the attacker.  If that’s the case, you will need a good endpoint security application or spyware cleaner to scrub your machine.

Common Story Lines

Phishing attacks tend to use the same storyline lures over and over. Why? Because they work. Here is a list of storylines that should immediately raise a red flag.

  • Your employer’s IT department is asking you to do something but the email signature is generic such as “IT Department” or “Help Desk.”
  • A company sends you a notice of suspicious activity concerning your account and asks you to take some type of action such as resetting your password.
  • A business has sent you an invoice in the form of an attached PDF file.
  • A government office or the IRS states that you are eligible for a government refund or subsidy.
  • You are requested to confirm some personal information concerning your account.
  • The email lacks a personal greeting and refers to you in generic terms such as “Dear User.”

Good Rules to Follow

Here is a list of good rules to follow to save you time and effort in evaluating the legitimacy of an email.

  • No organization is ever going to ask for your password.  They will also not send an unsolicited email to have you change your password.
  • While the IRS or financial institutions will send you emails to confirm the receipt or a change to your profile or account, they will never send you an unsolicited email asking you to do something.
  • Never call a phone number of a financial institution contained within an email that is asking you to respond to something.  Look up the number yourself and call.
  • If someone emails you an invoice that you aren’t expecting, ignore it.  The same goes for an email concerning a package you aren’t expecting.

Two Good Security Measures

Every organization that provides email to its employees needs to secure all email activity with an advanced email security system. Common phishing scams, password hacks, credit-card frauds, and malware attacks can be defended against with widely available tools and low-level training.

An email security solution such as SpamTitan will block phishing attacks as well as ransomware and other malware variants. You should also protect all financial accounts with some type of multi-factor authentication. This will protect you if your credentials are ever compromised. While phishing attacks remain a highly serious threat today, the defenses to protect yourself against them are available. The first line of defense in cybersecurity for small businesses begins with taking responsibility for it. Speak with us directly or with your managed service provider; they will be able to offer critical cyber security services, security awareness training and advice on data protection, backup and data recovery.

Talk to a TitanHQ security expert today. Discover how SpamTitan Email Security can prevent phishing attacks. Get in contact today.
