How To Spot Phishing: The Seven Red Flags

by | Feb 3, 2024 | Cybersecurity Tips

Learn how to spot the 7 red flags of phishing, cybersecurity tips for older adults and children, and how to equip colleagues with knowledge of phishing.

October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:

For the final week of CSAM we’re focusing on the theme, “Putting It All Together”. This week, we’re discussing how to spot the 7 red flags of phishing, cybersecurity tips for older adults and children, and how to equip colleagues with knowledge of phishing.

The 7 Red Flags of Phishing

Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

The most important way to avoid a phishing scam is to learn how to recognize one. Here are seven red flags to look out for:

  1. Urgent or threatening language: Look out for threats of closing your account or taking legal action, and pressure to respond or act on something quickly.
  2. Requests for sensitive information: Be on alert for links directing you to login pages, requests to update your credentials, and demands for your or your company’s financial information.
  3. Anything too good to be true: Avoid actions on messages that claim winnings from contests you’ve never entered, prizes you must pay to receive, and inheritance from long-lost relatives.
  4. Unexpected emails: Disregard emails such as receipts for items you’ve never purchased and updates on deliveries for things you didn’t order.
  5. Information mismatches: Look out for incorrect (but maybe similar) sender email addresses, links that don’t go to official websites, and errors in spelling or grammar that a legitimate organization wouldn’t miss.
  6. Suspicious attachments: Avoid attachments that you didn’t ask for that have weird file names or uncommon file types.
  7. Unprofessional design: Be on alert for incorrect or blurry company logos, image-only emails, and company emails with little, poor, or no formatting.

If you encounter any of these red flags in an email or message, do not interact with it. Rather, delete the email or message. If you are unsure, ask the sender about the message through a different channel.

Cybersecurity Tips for Older Adults and Children

Learning how to be cyber safe can seem like an overwhelming task. For older adults and children, there is a lot to learn about practicing safe online behaviour, as well as ensuring your devices are protected from cyber threats. The best way to prevent falling victim to a cyber-attack, such as phishing, is to know how to recognize and prevent yourself from becoming a victim.

Our devices do a great job of making our lives more convenient! For example, older adults can turn to their computers and tablets to chat with their family and friends, and kids can turn to their smart speaker and ask for homework help (“Hey Google, what is 2 x 2?”), learn about any topic of their choosing, play music, and more! But, just like other internet-connected devices, smart devices can give potential cybercriminals access to our information.

If you encounter any of the seven red flags of phishing in an email, phone call, or text message (aka smishing), do not interact with it. Delete the email or text, do not answer the call (or hang up), and if relevant report it. Phishing attempts are becoming more sophisticated, so if you are unsure ask the “sender” about the message through a different channel.

For example, if your child receives an email from their teacher asking them to send them personal information- it is likely a phishing attempt as teachers, or the school would reach out to the parent. In this case, you or your child can ask their teacher directly in their next online or in-person class to confirm if the request was legitimate or not.

Older adults must also be on the lookout for the red flags of phishing as they can become a target of cybercrime such as romance scams, tech support scams, and even grandchild scams. Some actionable steps that both older adults and parents of young children can take to practice cyber safety include:

  • Teach children about cyber safety
  • Think twice before you share any personal information online
  • Always verify requests with a trusted source
  • Use anti-virus and malware protection
  • Backup your data
  • Only visit trusted websites and do not click on unknown links or attachments
  • Protect your accounts with MFA
  • Use complex passphrases and passwords

For more tips about how older adults can stay safe online, check out this article by Get Cyber Safe.

How To Equip Colleagues with Knowledge Of Phishing

Whether you’re working at the office or remotely, cyber security practices should be taken seriously. Businesses of every size can be a target of cyber crimes such as ransomware, phishing, and malware. While not completely unavoidable, proactive measures should be taken to avoid cybercrime and protect your business networks.

Cyber security is a team effort that requires action from both management and employees. The best way to equip your team to prevent becoming a victim of cybercrime is to learn how to recognize and prevent it! Here is what you can do to ensure your team is prepared to avoid common cyber crimes, such as phishing:

  • Implement Email Best Practices: Combat the inevitability of cybersecurity breach attempts through email by communicating best practices with your employees. Practices such as: separating internal and external emails, prohibition of all unknown email link clicks and keeping an updated SPAM filter.
  • Educate Your Team: Ensure that your team understands what is at stake with a business’s cybersecurity. Highlight case studies to show your team how poor cyber habits cost other businesses and share examples of what an attempted cyberattack looks like. Learn the seven red flags of phishing, and always be on alert.
  • Implement Information Regulations: Create strict rules on when it is appropriate for an employee to give out personal, sensitive or business-related information through any form of electronic communication or online medium.
  • Implement Browser Best Practices: Combat the inevitability of cybersecurity breach attempts through online websites by communicating browser best practices with your employees. Practices such as firewall implementation, browser monitoring/usage limitations and education on online safety features (such as SSL).
  • Implement Personal Account Regulations: Create regulations surrounding what personal accounts employees can and cannot access on the business network (such as personal banking and email accounts).

Your colleagues are your first line of defense against common cyber attacks, including phishing and ransomware. Did you know that AlphaKOR offers Cyber and Phishing User Training services? These services include dedicated training and educational materials to educate your employees about cybersecurity risks. Click here to learn more.

Your Cyber Security Partner

As Cyber Security Awareness Month comes to an end, be sure to extend what you have learned this past month into your everyday cyber habits! For more tips cyber security awareness tips, be sure to check out all of our CSAM blogs.

For all your cyber security needs, be sure to reach out to our security experts at AlphaKOR! Use the orange chat button on the bottom right of your screen or visit our Contact page to send us a message.

Here are some more blogs from this category.

Are You Aware of the Digital Risks to Your Business?

Are you aware of the digital risks to your business? In this post, we discuss the different types of digital risks you should be looking out for and more!

Cyber Incident Response 101 for Small Businesses
Do you have a plan in place to respond quickly and effectively to cyberthreats? We’re diving into the importance of an Incident Response Plan to your...
Securing Your Remote Workers

Is your remote workforce secured? Remote workers have the ability to access critical company data, making your company more vulnerable to cybersecurity threats.

Strengthen Your IT & Data Security to Prevent Cyberattacks

Is your cybersecurity posture good enough to withstand a potential attack? In this post, we’re discussing common cyber threats that businesses are prone to.

3 Types of Cyber Insurance You Need to Know About
If your company handles, transmits or stores sensitive data, you need to know about cyber insurance. In this post, we’re discussing 3 types of cyber...
3 Times Businesses Were Denied Cyber Insurance Payouts
Just because you have cyber insurance doesn’t mean you’re guaranteed a payout in the event of an incident. We’re sharing 3 examples of denied cyber...
Busting Four Popular Cybersecurity Myths

We’re discussing how to protect your business against the threat landscape by debunking four common cybersecurity myths.

Adopt Zero Trust Security for Your SMB

In this post we discuss the common misconceptions and facts about Zero Trust Security.