Social Engineering

The sender's address may imitate a legitimate business or someone you know;  the key word here is imitate. Cybercriminals will often use an email address that closely resembles the legitimate address but if you pay attention you'll find the cybercriminal's address often has altered or missing characters.

The cybercriminal is counting on us not paying attention.

Generic greetings such as "Dear Valued Customer" or "Sir,/Ma'am" and signature blocks without any contact information are strong indicators of a phishing email.

Email from legitimate organizations will typically address you by name and provide their contact information.

Malicious websites may look identical to legitimate sites but the URL will often use a variation in spelling or use a differet domain (e.g., .net instead of .edu).

Malicious sites may also use URL shortening services to hide the true destination of the link.

If you hover your cursor over any links in the email you'll see where the link goes.

If a message is filled with poor grammar, spelling errors, or different font types and sizes in words and/or sentences it probably didn’t come from a valid organization.

Most phishing scams try to trick you into providing them with cash or your sensitive information such as your username and password by promising you instant riches or worse they try intimidation to scare you into giving in to their demands. Legitimate businesses or government agencies will not send threating messages.

An unsolicited email asking you to download and open an attachment should make you take notice because this is a common delivery mechanism for malware. Cybercriminals will often try to convey a sense of urgency or importance to convince you to download and open attachments without first examining them.

No matter how official an email might look, it’s always a red flag if the message asks you for any type of personal information such as but not limited to: your social security number; your username/password; account numbers (bank, credit card etc.), or the answers to your security questions.

If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use the contact information provided in the email; instead, check using contact information from the company's site. Do not use any links provided in the message. Visit the website directly from your browser.

How many times have we heard…"If something seems too good to be true then it probably is"?

If the message informs you that you won a contest you never entered or that you won the lottery you never played, but before you can collect, they demand you pay for miscellaneous expenses, taxes and fees upfront, you can bet it’s a scam!