Hackers will try to craft a sender email address to impersonate and trick the recipient into thinking the email is coming from a legit company, an employee, or even customer support. The email address might look like it is coming from a reputable entity, the CEO of your organization or even a stakeholder. However, if you look closely, you can see that both the sender’s name and email address doesn’t match. And if you are still unsure, you can always reach out to that individual or call the company to verify if they sent out an email or not.

Source: Barracuda, "Spear Phishing: Top Threats and Trends | Barracuda Networks"

Cybercriminals always create a false sense of urgency in the tone of the subject line. They want to nudge potential victims to act and respond quickly, especially if the email is looking like it is coming from an executive, colleague, or boss. The end goal of a shady subject line is suggesting that the email is part of a previous conversation to trick the user into trusting the sender.

Source: Finances Online, "52 Email Subject Line Statistics: 2022 Trends & Effective Ideas - Financesonline.com," January 2022

When looking at the messaging in a phishing email, 97% of people fail to recognize that it is a scam. However, there are important things to carefully look out for in the messaging. Phishing email messaging will present many red flags such as urgent language, asking the user reply to a different email address, grammatical errors, spelling typos, and even attempts to trick the user into thinking they will land a lucrative deal if they act quickly. Logically speaking, why would someone offer a deal that’s too good to be true? That is because the cybercriminals behind phishing emails incentivize the recipient to open an attachment or click on a link by claiming there will be a reward at the end.

Source: Stat Center, "50+ Email Spam & Phishing Statistics (2022 Update) (emailstatcenter.com)," January 2022

Attachments in a phishing email are used as a simple way for hackers to gain access to your sensitive information such as login credentials, credit card information, or your social security number. Not to mention that opening an attachment from a phishing email can be disguised malware that will infect your computer.

Source: Clearedin, "Top 10 Phishing Attack Statistics That Should Scare You (clearedin.com)," 2021

When approaching a suspicious email in your inbox, it might include a hyperlink or two that instructs you to act. It is always best to use extreme caution and do not click on any of the links. What might look like a legitimate link can be a disguised link that leads to a hacker’s website to steal your credentials. The best course of action is to hover your mouse over the hyperlink text and look at the bottom left of the screen to see the full URL of the website you would go to if you were to click on the link. Even if you receive an email with a link from someone you know or aren’t certain it’s safe, treat it with caution and don’t click on the link.

Source: Proofpoint, "Proofpoint’s 2022 State of the Phish Report Reveals Email-Based Attacks Dominated the Threat Landscape in 2021; Tailored Security Awareness Training Remains Critical for Protecting Hybrid Work Environments | Proofpoint US," February 2022