Estimated Reading Time: 5 Minutes
Dear Customer,
Your account has been locked due to suspicious activity. Please click the link below to access your account.
Okay, don't panic. We get it; receiving an email like this can be pretty scary. But whatever you do, do not click that link!
First, take a breath. You may be part of a phishing scam. But how can you be sure?
Here are four tips you can use to spot a phishing email.
Branding and Logo Discrepancies
Scammers often try to imitate legitimate organizations and businesses to trick their targets into interacting with a message.
One easy trick to spot a phishing scam is to check for branding discrepancies, especially with the logo. Suppose you’re familiar with a brand or organization. In that case, you may be able to immediately spot the difference between their real logo and a fake – like a logo that looks slightly distorted or low quality.
But if you’re unsure, here are a few things you can do:
- Google the organization’s logo. Does it match what you see in the email you were sent?
- Check other emails you may have received from this organization – if you’ve done business with them before. Do they look similar in style?
- Search for email examples from the organization. What do you see in the design of those examples? This tip usually only applies to larger, well-known companies, but it’s worth a try!
If you try these and still aren’t sure, don’t automatically assume the message is safe. Instead, try looking for other phishing scam red flags like grammatical errors. This is another big indication that a message is not safe to interact with and, instead, came from a scammer.
Grammatical Errors
Legitimate businesses wouldn’t send customers an email full of mistakes. So, if you receive an email with a lot of grammar and spelling mistakes, chances are it’s a phishing scam.
If you look closely, you can see grammatical errors that point to this email being a scam.
However, it’s important to note that just because an email doesn’t contain grammar or spelling mistakes, it doesn’t automatically mean the message isn’t a phishing scam. Many scammers are now turning to AI to initiate phishing attacks.
If you’ve scanned an email for branding discrepancies and grammatical errors but can’t find anything that stands out as a sign of a phishing scam, read the message again. Does it sound stiff or robotic? If you answered yes, this could indicate that a scammer used AI to create a mass-phishing email.
Generic Emails That Lack Personalization
Phishers often send their targets generic and non-personalized emails. Unlike credible brands and organizations, scammers don’t have the same information that a company you have interacted with before does. For example, when you want to receive messages from an organization, you must fill out a short questionnaire on the organization’s website or related webpage. The questionnaire form typically asks for personal information such as your name and email. This information is then stored in the organization’s database.
A lot of times (but not always!), organizations use this data to personalize messages sent to you. Look through your inbox and find a few emails from different companies. How often did the subject line or greeting mention you by name?
Phishing emails usually don’t mention their targets by name. This could be because a scammer doesn’t have access to the data you may give to an organization (like your name) or because they don’t have the time and technology to personalize every email they send.
If you receive an email that contains many errors, lacks personalization, and doesn’t match a company’s real branding, this is most likely a phishing scam. However, if an email sounds professional and matches an organization’s branding but lacks personalization, this isn’t enough to conclude that the email is unsafe.
Instead, you should use this as a sign to check other aspects of the email, like if the URL is correct.
Is the URL Correct?
You may be thinking, “How can I check a URL without actually clicking the link?” If so, great job! You never want to click on any links without first determining if the email is safe!
This is because 90% of cyberattacks begin with phishing. Scammers will impersonate friends, colleagues, and organizations to trick people into clicking harmful links. These links could result in various cyberattacks or data compromise incidents, including data breaches, data or service loss, identity fraud, malware infections, or ransomware.
So, how can you check a URL without actually clicking on it?
This tip will only work if you’re using a desktop computer. On your computer, open the suspicious message, but do not click on any links. Instead, hover your mouse cursor over the link sent to you. A small box will appear above your cursor, showing the full URL address. Without clicking the link, you can look at the address to see if there are any errors.
The link provided in this email is not the correct website address for this company.
If there are any errors, they may not be super obvious, which is why you have to look very closely. Scammers often employ a tactic called typosquatting (or URL hijacking), where they make subtle alterations to a URL to deceive their targets. For instance, "www.irisidentityprotection1.com," or “www.irisiDentityprtection.com” instead of www.irisidentityprotection.com.
ScamAssist Can Help
If you’re still unsure what to do after following these tips, don’t worry; you’re not alone. Phishing attacks have become increasingly sophisticated, making it harder to discern legitimate messages from harmful ones.
Luckily, there are resources available to help you identify scam communications and keep you safe from becoming a scam victim.
Iris Powered by Generali’s scam analysis tool, ScamAssist, is an easy-to-use online tool that combines proprietary scam evaluation technology with a unique human review element to deliver the most reliable results.
The review process is easy; simply submit suspicious emails online or call our Resolution Specialists for support with any type of scam – email, phone, text message, or direct mail.
Want to try ScamAssist for yourself before providing it to your customers? In honor of Cybersecurity Awareness Month, we are offering a free trial of ScamAssist. This trial is only available during October, so act fast! Start your free trial today.
For more #BeCyberSmart resources, follow us on LinkedIn and Facebook, read our Cybersecurity Awareness Month blogs, and check out The Iris Guide to Outsmarting a Scammer webpage.