Don't be FOOLED!!

How to Spot Phishing Emails

TRA board members will never email you asking for you to purchase them gift cards!! 

These emails usually come under disguise as one of our board members, but if you look closely at the actual email address it is not OURS. 

Here are some helpful tips to not fall victim to these scammers:

What Might be a Phishing Message?

A phishing message is an email or text that appears to be from a legitimate source, but is actually sent by threat actor with malicious intent.

Phishing messages can be sent through emails, websites, text messages or even through social media. These messages are often designed to appear like legitimate communications from banks, government agencies, online services providers or other organizations.

How to Spot Email Phishing

The first step in how to spot email phishing comes with understanding what a phishing email is.

The most accurate definition of a phishing email is an email sent to a recipient with the objective of making the recipient perform a specific task. The attacker may use social engineering techniques to make their email look genuine and include a request to click on a link, open an attachment, or provide other sensitive information, such as login credentials.

Socially engineered phishing emails are the most dangerous. They are constructed to be relevant and appear genuine to their targets. The recipient is more trusting of the email and performs the specific task requested in the email. The results can be devastating. If the recipient clicks on a link to a malware-infected website, opens an attachment with a malicious payload, or divulges their login credentials, an attacker can access a corporate network undetected.

4 Tips to Help Spot it:

1. Emails Demanding Urgent Action

Emails threatening a negative consequence, or a loss of opportunity unless urgent action is taken, are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.

2. Emails Stating “Don’t call me”

As these threat actors are pretending to be someone else, they don’t want you calling the actual person, they will tell you things like “I have limited cell connectivity today, so just email me”. Once you respond to the email they will request you to take actions that will cost you money i.e., purchasing gift cards etc.

3. Emails with Bad Grammar and Spelling Mistakes

Another way to spot email phishing is bad grammar and spelling mistakes. Many companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct. Those who use browser-based email clients apply autocorrect or highlight features on web browsers

4. Emails with an Unfamiliar Greeting or Salutation

Emails exchanged between work colleagues usually have an informal salutation. Those that start “Dear,” or contain phrases not normally used in informal conversation, are from sources unfamiliar with the style of our interactions should arouse suspicion.