Phishing is a form of online scam that is widespread and can affect anyone who is careless. It is therefore critical to recognize the characteristics of phishing and protect yourself and your organization from this threat. In this article, we will discuss the main characteristics of phishing and what steps you can take.

Characteristic 1: Unknown senders

One of the main features of phishing is receiving unexpected messages from unknown senders. Scammers often send emails, text messages or even phone calls with fake solicitations or offers. These messages may appear to come from well-known organizations, such as banks, social media platforms or government agencies. It is important to be alert to such messages and be cautious when providing personal information.

Although there is the possibility of spoofing, a phishing email often comes from an unknown email address. This can range from a totally unknown email address to one that is virtually the same as from a known party. In the latter case, for example, PayPal could be written as paypai or pypal. To the unwary user, this is often indistinguishable from the real thing.

Characteristic 2: Urgent tone

Phishing messages often try to instill fear or urgency in the recipient. They may threaten to close an account, block a credit card or even face legal consequences if immediate action is not taken. This urgent tone is meant to pressure the recipient and make them act without thinking. It is important to remain calm and take the time to verify the authenticity of the message before taking action.

Characteristic 3: Poor grammar and spelling mistakes

Another characteristic of (older) phishing messages is the use of poor grammar and spelling mistakes. Scammers often operate from other countries and their messages may have been translated or written by people with limited language skills. As a result, the messages often contain glaring grammatical errors, strange sentence structures and misspellings. Professional organizations will usually use correct language, so be alert to such linguistic deficiencies.

Incidentally, it cannot be ruled out that this is sometimes done intentionally. After all, someone who responds to an email from a bank with massive spelling errors is more likely to fall for the rest of the scam as well.

Feature 4: Suspicious URLs

Furthermore, these messages often contain suspicious URLs and links that lead you to rogue websites. These URLs may differ slightly from legitimate websites. Look for misspellings, extra characters or unusual domain extensions. It is important not to simply click on links in suspicious messages. You can check the authenticity of a link by moving your mouse over it (without clicking) and viewing the link. If the link looks suspicious or does not match the expected address, do not click on it and go directly to the website through a trusted source.

Feature 5: Attachments

In addition to links in emails, criminals also make extensive use of attachments. By downloading this file, a software program can be installed which allows the hacker to access your systems. Therefore, never download files from sources you do not know. And even if you know the sender, when in doubt, it is best to call first.

Characteristic 6: Personal information

Phishing attacks often aim to obtain personal information, such as usernames, passwords, credit card details or banking information. Scammers may ask you to enter this sensitive data on fake Web sites, or they may ask you to provide this information via e-mail or phone. It is important to never provide personal information unless you are certain of the reliability of the source. Legitimate organizations will never ask for such information unsolicited.

Characteristic 7: Impersonal

Especially if the criminal is sending emails in large numbers, the salutation will often be impersonal. Think “Dear Sir/Madam” or “Dear Customer.

However, one should not assume that if one does get addressed by first or last name that the email is then legitimate. For example, a spear phishing attack does not involve an impersonal approach. So it is important to understand the different types of attacks well.

Recognizing phishing is done by carefully remembering these phishing characteristics. Remember that any request to open an attachment, click on a link or send data can be a potential attack. Even when the sender appears to be legitimate.