Phishing attacks are one of the most common cybersecurity threats you can encounter online. Phishing, as defined by Cisco, is “the practice of sending fraudulent communications that appear to come from a reputable source.” Because it’s normally done through email, when we think of phishing we think of spam email. 

The end goal of a spam email is to steal sensitive information (credit card, passwords) from the user or to install malicious software (malware) on the device. Malware works by damaging computers and computer systems and can leak private information, gain unauthorised access or deprive users of access (ransomware). 

There are some scary stats out there to give you a broad idea of how much harm spam emails can cause:

• * 92.4% of malware sneaks into a device through email (2018 Verizon Data Breach Investigations Report)
• * 1 in 131 emails you open on your laptop contains malware (Symantec 2018 Internet Security Threat Report)
• * Laptop owners are vulnerable to more than 4,000 ransomware attacks that occur every day (U.S. Federal Bureau of Investigation)

The top 4 red flags an email might be spam are:

1. The email address 

The first clue that an email might be spam lies in the email address itself. Hackers may compose their spam emails to appear as if they are coming from an existing contact. 

Because we’re so used to spam filters, you are more likely to open the email and not question its contents. But the way phishing works is that hackers can fake email addresses by slightly adjusting the domain name.  

Jan Chapman, Co-Founder and Managing Director of IT Security company MSP Blueshift, explains more about how this works: “A spoofed email address can for example fake an organisation’s name by one letter. For example, instead of jan@mspblueshift, a threat actor could write jan@msppblueshift. It’s a hack that it’s very easy to be overlooked, especially by an employee in an organisation. I cannot stress enough about the importance of IT security.”

2. Urgent or threatening language

Keep in mind that real emergencies don’t happen over email. 

These types of emails normally pressure the user to respond quickly. It can either be positive: “you have won a prize, claim it NOW,” or negative “we’re taking legal action against you, respond ASAP.”

Other types of urgent messages can claim to close your account, or even that your security has been compromised. Always contact your bank provider and other services to find out if the request is real. 

3. Requests for sensitive information

A phishing email appears to originate from a trusted source – more likely one that holds sensitive data or information – for example, your bank. 

The email encourages you to divulge private and sensitive information. The request could look like this:

• * Reply to the email
• * Go to this website to complete a form
• * Update your bank details by clicking on the link 
• * Links directing you to login pages

Remember: this isn’t common banking practice, so proceed with caution. 

4. Suspicious attachments

Email attachments make even the strong curious, but you should always make sure you’re not opening or downloading attachments that contain malware. 

Look out for:

• * Attachments you didn’t ask for
• * Weird file names 
• * Uncommon file types (if it’s not pdf, png, jpg, csv or a file extension you are familiar with, look twice)
• * File type extension that doesn’t match the file type (for example, a document with a .pdf extension)
• * Sender details 

Conclusion

As you can see, spam emails can cause a lot of damage and you should always be careful when opening suspicious emails. 

But if you know what to look for, spam emails can be easy to spot. Taking the time to form good email security habits will protect you, your loved ones and your company from cybersecurity attacks.