Phishing has become one of the most pervasive problems facing data security staff today. Generally speaking, a basic phishing attack is relatively easy to conduct and inexpensive for the attacker. More sophisticated spear-phishing and whaling attacks — attacks that focus on specific individuals — take more time to prepare and research, but they too can be very inexpensive to perform.
When you are going through your email and before you click that link, here are some rules of thumb to consider first:
1. Does the email ask for personal or sensitive information, such as your date of birth, Social Security Number, an account number or login credentials? Most legitimate businesses do not request such data in an email.
2. Does the email asks you to click on a link to access a web site? If so, that site might be fake.
3. Does the email have a generic salutation rather than your name? Your bank or service provider know who you are and normally will address you by name.
4. Does the email have an attachment? If you are not expecting an attachment, don't click on it. Confirm its validity first with the sender.
5. When you move your mouse over the email, is the entire email is a hyperlink? If so, it likely is a phishing attack.
6. If the email makes an offer too good to be true, such as a large sum of money, a prepaid gift card or an expensive piece of electronics for free, it's likely a phishing attack.
7. Be careful of emails that make an emotional plea while asking for money. While many charities use such tactics, it also is a popular approach used by phishers.
8. If the email claims you have an immediate problem, such as a virus or that you are running out of email storage space, and you must take immediate action, be careful. This is a common phishing tactic.
9. If the email makes a direct threat and requires that you take immediate action by clicking a link for the IRS, a police agency or the like, it's probably fake.
10. An email might appear to be from a friend asking for money. Never send money without calling the friend first to confirm the request.