1. Suspicious Sender

   • Red Flag: Emails or messages from unknown or unusual senders, or addresses that don’t match the supposed sender’s domain (e.g., a bank email from a Gmail address).
   • What to Do: Always verify the sender’s email address. If it looks suspicious or unfamiliar, do not click on any links or open an attachment. Contact the supposed sender directly through an official channel to verify the message’s authenticity.

2. Urgent or Threatening Language

   • Red Flag: Messages that create a sense of urgency or fear, such as threats of account suspension, fines, or legal action if you do not respond immediately.
   • What to Do: Legitimate organizations rarely ask for sensitive information or immediate action via email. Verify the claim by contacting the organization through their official website or customer service number.

3. Unsolicited Attachments or Links

   • Red Flag: Unexpected attachments or links, especially if they come from unknown senders or are not related to any recent actions you’ve taken.
   • What to Do: Do not open an attachment or click on a link in unsolicited emails. Hover over links to see the actual URL before clicking. If it looks suspicious, delete the email or message.

4. Poor Grammar and Spelling (With AI, this trick is losing its luster, you will need to look at context, tense, and tone to gain the edge from now on!)

   • Red Flag: Emails or messages with numerous grammatical errors, misspellings, or awkward phrasing. Professional organizations typically maintain high standards for their communications.
   • What to Do: Be cautious of messages with poor grammar or spelling mistakes. If the message appears suspicious, do not engage with it. Verify its legitimacy by contacting the organization directly. Also, you might need to go back to school to review your grammar rules. 

5. Requests for Personal Information

   • Red Flag: Messages asking for sensitive information such as passwords, Social Security numbers, bank details, or credit card numbers.
   • What to Do: Legitimate companies will never ask for sensitive information via email. If you receive an email with such a request, do not provide any information. Report the phishing attempt to the relevant institution and delete the message.

Additional Email Tips to Avoid Phishing Attacks:

• Use Security Software: Install and update antivirus and anti-malware software to protect your devices. We recommend a Zero Trust “out of the box solution” called Warden. Because detection is not going to cut it anymore, learn why here.
• Enable Two-Factor Authentication (2FA): Adds an extra layer of security to your accounts.
• Stay Informed: Keep up to date with the latest phishing techniques and scams through awareness training.
• Recognize Spoofing: Be wary of emails that appear to come from familiar sources but have slightly altered email addresses or domains.

Common Phishing & Spear Phishing Tactics by Scammers:

• Spoofing Email Addresses: Hackers often spoof email addresses to appear legitimate.
• Malicious Links and Attachments: Be cautious of clicking on a link or opening an attachment from unknown senders. These can install malware on your device.
• Creating a Sense of Urgency: Scammers often use urgent language to trick you into reacting quickly without thinking.
• Harvesting Credentials: Attackers aim to steal your login credentials, leading to potential data breaches.

By staying vigilant and recognizing these red flags, you can protect yourself from falling victim to phishing scams. Remember, your awareness and caution are your best defenses against these deceitful attacks. Stay safe and always think before you click on a link or open an attachment.