Cybercriminals and hackers are getting more sophisticated in terms of how they are exploiting weaknesses and breaking into systems. A common way is through email phishing scams whereby they send an email that looks like it’s from a known sender, but in reality, it’s a dupe sent in the hopes that the receiver will hand over the keys to a business’s systems and websites. If you have ever wondered how to tell if an email is fake or legitimate, read on for some key things to be on the lookout for.
The most common time people use public email domains such as @gmail.com or @yahoo.com is for their personal email addresses. Legitimate emails for business-related correspondence rarely use them. Instead, they use their own email domain and company accounts. For example, johndoe@mygreatcompany.com is a lot less suspicious than johndoecompany@gmail.com.
We’ve seen spoofed emails for everything from a “new” Gmail account, to “verify your email” correspondence from Paypal. If you didn’t recently sign up for anything new, but receive a confirmation email, there is a high probability that the email you’re receiving is not legitimate.
This is a more subtle way for would-be cybercriminals to trick their recipients, but here’s how to tell if an email is fake in this case:
Simply hover your mouse over the display name in the “From” section of the email, or if you’re checking a public email domain such as Gmail or Yahoo you may need to click the “From” section to see the actual email address of the person who sent the email. If the name and email in this area don’t match what pops up in the display box, or if the “From” and “Reply-to” addresses don’t match, it’s a red flag that the email is not from a legitimate source.
Note: In some cases, the emails that look legitimate are actually being sent via a third party such as email services like Infusionsoft or ConvertKit. Make sure that the third party is a legitimate website before clicking anything in an email that doesn’t come directly from the sender.
Goggle.com, Gooogle.com, Googgle.com, Paypals.com, Payspal.com, Yahoos.com, Yahooo.com
We’ve seen them all and they are all a scam. A legitimate organization would never misspell their own domain name in their email address. Make sure you’re reading the domain of sender email addresses very carefully. Sometimes we can glance over things like this not realizing they are misspelled because our brains don’t always slow down enough to catch errors. However, when it comes to email, it’s better to pay attention to even the most minute of details.
If you open an email, and the entire textbox is hyperlinked, it almost certainly is an illegitimate email. Some phishing attackers do this in the hopes that you will accidentally click somewhere within the textbox, and in so doing you could end up with a virus, or some other security breach.
Again this is another subtle way to trick recipients into believing they are reading a real email, but there’s a simple tip for how to know if an email is legit in this case too. All you need to do is hover over the web address with your mouse, and see if the link you’re being directed to matches what is typed in the text box.
If there is a sense of urgency in the email, it’s a red flag. Phishing attackers prey on fear, and hope that a message like “Your account is overdrawn. Contact us immediately.” will cause you to click through without thinking. It is always better to slow down and assess the situation before acting.
If it’s a banking email, log into your account in a new window, and check for yourself to determine if something is amiss. Or you could even call your bank and confirm whether or not everything is copacetic. Speaking of calling your bank, never call a phone number listed in a suspicious email.
We hope this post was helpful and taught you how to check if an email is fake or legitimate. If you suspect an email you have received is a phony one, go with your gut. You can never be too careful when it comes to cybersecurity.
MANAGING RISK WITH THE RIVIAL PLATFORM
The Rivial Platform is an all-in-one cybersecurity platform to manage, track, automate, and report cybersecurity. This advanced platform helps security teams and partners achieve the pinnacle of cybersecurity management by providing the only comprehensive, automated, & real-time cybersecurity platform. With data-rich dashboards and advanced, integrated features, users are able to track, automate, and report all cybersecurity functions in one place to protect themselves and their data from potential exposure and litigation.