Can you tell the difference between an authentic email and a phishing message? Even for security professionals who live and breathe Information Security, it has become harder and harder to distinguish phishing messages from authentic emails.
Just the other day I received an email that looked remarkably similar to a PayPal email. It wasn't from PayPal, and the scary part is that there were potentially serious consequences if I had clicked on the link in the email:
- I could have been tricked into providing my PayPal credentials.
- My computer could have been hit with ransomware.
- A nefarious actor could have installed malware or taken control of my computer.
So how do you tell the difference? The email contained four red flags that helped me judge its authenticity:
- The email was sent to one of my alias email accounts and not my primary email that is registered with PayPal.
- The date was formatted for a European company, yet PayPal is a US company and I am in the US.
- PayPal is not a geo-location service. They would not know where I made a purchase from.
- I hovered over the URL and it was not a PayPal link. This may be the most important red flag! NEVER NEVER NEVER CLICK ON THE "CLICK HERE" LINK!
These are red flags to watch for in both your personal and professional emails.
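As an added example (not code from the original post), here is a Python check for the fourth red flag: it pulls every link out of an HTML email body and reports any whose destination is outside the expected brand domain, or whose visible URL text names a different host than the href really points to. The sample message, the `.test` placeholder domain and the `paypal.com` expected domain are constructed assumptions, and the last-two-labels domain approximation is a simplification rather than a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): the visible text claims paypal.com,
# but the href actually points to an unrelated placeholder domain.
SAMPLE_EMAIL_HTML = """
<p>A payment was made from your account.</p>
<p>Review it here: <a href="https://paypal.com.example-login.test/verify">https://www.paypal.com/activity</a></p>
<p>Questions? <a href="https://www.paypal.com/help">Help Center</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Last-two-labels approximation of the registrable domain (no PSL lookup)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def suspicious_links(html_body, expected_domain):
    """Flag links not under expected_domain, or whose shown URL text differs from the real href host."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registrable_domain(host) != expected_domain:
            reasons.append("destination is not under " + expected_domain)
        shown = re.search(r"https?://([^/\s]+)", text)  # a URL shown as link text
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            reasons.append("visible URL text does not match the real href host")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings
```

On the constructed sample the first link is reported for both reasons, while the genuine Help Center link passes.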
As a security expert, I am always emphasizing the importance of data protection and security awareness. Companies across the globe are being attacked every second. We need to be continually educating our employees on how to protect themselves and our corporate assets. This can be achieved through security awareness workshops, training, and sharing relatable case studies (like this fraudulent PayPal email).
Watch Online Business Systems’ Security blog for more information around security trends, bulletins, and examples that will help you and your organization stay security-aware. Better yet – subscribe to the blog so you never miss an important update!