This recent Mediapost article by Ray Schultz warns consumers that phishing attacks and email fraud will spike on Cyber Monday, which falls on November 27th this year.
Schultz cautions that the most commonly victimized brands will be Amazon, Walmart, and Target. It’s probably safe to say you can expect it from other big names like Best Buy, Apple, and PayPal, too.
According to Schultz’s article, nearly 40% of Americans have clicked on a malicious link from an email believing it to be from a valid source.
So we’re going to show the telltale signs of a phishing email to help you avoid the gift of a stolen credit card number or a shiny new computer virus. Happy Holidays, indeed!
Anatomy of a Phishing Attack
Sketchy From email address.
Many email inbox providers show just a From name instead of the From email address. This is why you should always check what the From email address is — if it’s anything other than the domain of the company itself, you’ve got a spammer on your hands.
Here’s an example:
As you can see, the email says it’s from Apple and the subject line says “Update.”
If we open the email, not only is Gmail already waving the red flag for us (this one was properly routed into our spam folder), but we can plainly see that the from email address is some BS Gmail account:
Checking the From email address can be the fastest way to determine if an email is legitimate or not.
Terrible grammar or spelling.
If you hadn’t already noticed, most spammers seem to be terrible at spelling and syntax. Let’s take a closer look at the example above:
Red flags here include:
◦ An impersonal “Dear Client” with a space then an exclamation point (face palm).
◦ They call your Apple ID “the Apple ID,” which sounds clunky and awkward.
◦ They tell you to log in “before this deadline,” but don’t tell you what the deadline is.
Some errors are harder to catch. Take a look at this fake Home Depot email. Can you spot the telltale error here?(Source)
Congrats if you spotted that Sign Up is incorrectly spelled as “Sing Up” in the upper right hand corner. While we read phrases like “order whose recipients,” “received in any Local Store of HomeDepot.com,” and “on a Thanksgiving Day,” and physically cringe, we recognize they wouldn’t necessarily be obvious to everyone, but those are red flags, too.
It’s always a good idea to check links out before you click on them. There are a few ways to do this. In Windows, preview a link by hovering your cursor over it – in any OS you can right click the link and choose Inspect or Inspect Element to open your browser’s console – this will show you the HTML link directly.
Here’s a great example of a fake Amazon email from the Holladay Properties blog – note how the link looks like a legit URL while the actual link is something entirely different:
Threats to terminate your account.
Phishing attacks oftentimes come with some kind of deadline after which your account will be “terminated.” Rarely is any kind of first notice about an expired credit card, payment method, or password issue so heavy handed. Think about it – companies want to retain your business – you are the customer! They like you! Most first notices are a friendly reminder that your card is about to expire and would you mind updating it? Even in the Amazon example above, it’s unlikely that suspicious account activity would be given a random 36-hour deadline for action before termination.
If the email contains an attachment of some kind, don’t open it! Especially if the extension of the file is .exe, .bat, .php, .scr, or .zip. Word and Excel files should also be viewed with skepticism. They are often used to install malicious software or viruses on your computer.
Good News: Phishing Attacks Are Easy to Prevent
Thankfully, with a little attention to detail, identifying phishing attacks and questionable emails is pretty easy to do.
And since we know you’re ramping up to get those holiday emails out, let’s end this on a lighter note by making sure that you check out our post on Thanksgiving Email Inspiration for your upcoming holiday sends!
What other tips and tricks do you have to avoid phishing attacks this holiday season? Share them in the comments!