Phishing Detection: A Practical Guide
Understanding Phishing
Phishing is a type of social engineering attack in which cybercriminals attempt to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data. They often impersonate legitimate organizations or individuals through deceptive emails, websites, or messages. Common hallmarks of a phishing message include:
- Urgency and Fear: Messages that create a sense of panic, like "Your account has been compromised, click here to secure it immediately."
- Spoofed Emails/Websites: Emails that look like they come from trusted sources (banks, social media, etc.) or websites that mimic legitimate ones.
- Suspicious Links/Attachments: Links that lead to fake login pages or malicious websites, and attachments that contain malware.
- Generic Greetings: Phishing emails often use generic greetings like "Dear Customer" instead of your name.
- Poor Grammar and Spelling: While not always present, unprofessional language can be a red flag.
How to Detect Phishing Attempts
Being vigilant is your best defense. Here are key indicators to look out for:
- Examine the Sender's Email Address: Hover over the sender's name to reveal the actual email address. Look for subtle misspellings or unusual domain names (e.g., `bankofamerica.co` instead of `bankofamerica.com`).
- Scrutinize Links: Before clicking, hover your mouse over any links to see the actual URL. Be wary of links that don't match the supposed destination or use URL shorteners in unexpected contexts.
- Check for Personalization: Legitimate companies usually address you by your name. Generic greetings are often a sign of a phishing attempt.
- Analyze the Message Content: Look for grammatical errors, awkward phrasing, or an unusual tone. Phishing emails often contain requests for sensitive information or threats of account closure.
- Verify the Source: If an email or message seems suspicious, don't reply or click. Instead, go directly to the company's official website by typing the URL into your browser, or use a known contact method (such as a phone number from their official site) to verify the request.
- Be Cautious of Attachments: Never open attachments from unknown or suspicious senders, especially if they are unexpected. They can contain malware.
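The manual checks above (sender domain, link text versus real destination, generic greeting, urgency wording) can be automated as a first-pass triage. The script below is an added example and is not code from the original guide; the two sample messages, the `TRUSTED_DOMAINS` allow-list and the keyword tuples are constructed assumptions that a real deployment would replace with its own data.

```python
"""Heuristic phishing-indicator check over a raw email message (added example).

Automates the manual checks from the guide: sender address vs. display name,
visible link text vs. real href, lookalike domains, generic greeting, urgency.
Sample messages, TRUSTED_DOMAINS and the keyword lists are constructed.
"""
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"bankofamerica.com"}  # assumed allow-list of expected senders
URGENCY_TERMS = ("immediately", "suspended", "compromised", "within 24 hours")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")

# Constructed sample: lookalike sender, mismatched link, generic greeting, urgency.
PHISHING_EMAIL = """\
From: "Bank of America Security" <alerts@bankofamerica.co>
To: jane@example.net
Subject: Your account has been compromised
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your account has been compromised. Click
<a href="http://bankofamerica.co/secure">https://www.bankofamerica.com/secure</a>
immediately to secure it.</p></body></html>
"""

# Constructed sample of a benign notification, for comparison.
CLEAN_EMAIL = """\
From: "Bank of America" <alerts@bankofamerica.com>
To: jane@example.net
Subject: Your monthly statement is available
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Jane,</p>
<p>Your statement is ready at
<a href="https://www.bankofamerica.com/statements">https://www.bankofamerica.com/statements</a>.</p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname; a production system would use the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def is_lookalike(domain):
    """True when the domain copies a trusted name but is not the trusted domain (.co vs .com)."""
    return domain not in TRUSTED_DOMAINS and any(
        domain.split(".")[0] == t.split(".")[0] for t in TRUSTED_DOMAINS)


def phishing_indicators(raw):
    """Return the distinct indicator names triggered by one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []

    def add(name):
        if name not in found:
            found.append(name)

    # Sender: judge the real address domain, never the display name.
    _display, addr = parseaddr(str(msg.get("From", "")))
    if "@" in addr and is_lookalike(registrable_domain(addr.split("@")[-1])):
        add("lookalike_sender_domain")

    # Links: visible URL text that points elsewhere, or a lookalike destination host.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    extractor = LinkExtractor()
    extractor.feed(text)
    for shown, href in extractor.links:
        real_host = urlparse(href).hostname or ""
        shown_host = urlparse(shown).hostname if shown.startswith(("http://", "https://")) else None
        if shown_host and real_host and registrable_domain(shown_host) != registrable_domain(real_host):
            add("link_text_mismatch")
        if real_host and is_lookalike(registrable_domain(real_host)):
            add("lookalike_link_domain")

    # Content: generic greeting and pressure wording in the subject or body.
    lowered = (str(msg.get("Subject", "")) + " " + text).lower()
    if any(g in lowered for g in GENERIC_GREETINGS):
        add("generic_greeting")
    if any(u in lowered for u in URGENCY_TERMS):
        add("urgency_language")
    return found


if __name__ == "__main__":
    print("phishing sample:", phishing_indicators(PHISHING_EMAIL))
    print("clean sample:   ", phishing_indicators(CLEAN_EMAIL))
```

The indicators are deliberately independent so that a message can be scored on how many fire; the `registrable_domain` helper is a two-label approximation and will misjudge multi-part suffixes such as `.co.uk` unless swapped for a public suffix list.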
Tools and Techniques for Protection
Beyond manual detection, several tools and practices can bolster your defense:
- Use Email Spam Filters: Most email providers have built-in spam filters. Ensure they are enabled and updated.
- Install Antivirus/Antimalware Software: Keep your security software up to date to protect against malicious downloads.
- Enable Two-Factor Authentication (2FA): Where possible, enable 2FA for your online accounts. This adds an extra layer of security even if your password is compromised.
- Browser Security Settings: Configure your web browser to warn you about potentially unsafe websites.
- Stay Informed: Be aware of the latest phishing scams and tactics. Resources like cybersecurity blogs and news outlets can be helpful.
What to Do if You Suspect a Phishing Attempt
If you believe you have received a phishing attempt:
- Do NOT click on any links or open any attachments.
- Do NOT reply to the sender.
- Mark the email as spam or phishing in your email client. This helps improve spam filters for everyone.
- Report the phishing attempt to the organization being impersonated. Most companies have a dedicated email address for reporting such incidents (e.g., `abuse@company.com` or `phishing@company.com`).
- If you accidentally clicked a link or provided information:
  - Change your passwords immediately for the affected accounts and for any other accounts that use the same password.
  - Monitor your financial accounts for any unauthorized activity.
  - Contact your bank or credit card company if you suspect financial information has been compromised.
  - Consider running a full scan with your antivirus software.
For more in-depth information, explore these resources: