Phishing emails are becoming harder to distinguish from the real ones. Not surprisingly, these scams have spiked during the pandemic. Luckily, mismatched or fake URLs are a quick way to spot a phishing attempt!
Before you click on anything, double-check your URLs to make sure that the email is safe.
What is phishing?
By posing as a legitimate email, phishing is a cyber attack designed to trick you into handing over sensitive information. It may use a link to a fake website to prompt you to enter your credentials. Or, the link may attempt to infect your computer with malware.
Why is hovering over the link important?
You cannot trust a link by its first impression! Unfortunately, not all links lead to where you expect. When you hover, there’s an opportunity for you to check before you click.
How to spot a fake or mismatched URL:
To hover on a computer, place your mouse over the link without clicking. To hover on a mobile device, hold down on the link until you see the menu that shows the URL.
Here’s what you can look for:
If a URL is written out in the link, does that match the URL when you hover?
The link’s display text is www.worksmart.com but actually takes you to www.scam.com.
If the email appears to be coming from a company, does the hover link match the website of the sender?
It’s a “red flag” if you typically get emails from worksmart.com, but the link points to worksmart-support.com.
Does the link have any misspellings in the domain name?
Subtle misspellings, like worksmrat.com, are designed to trick you when you’re quickly scanning an email.
Is this a shortened URL?
URL shorteners, such as bit.ly or goo.gl, abbreviate long URLs. Cyber-criminals use these to hide the destination from you. Check with your IT team – they can help verify the email while keeping your company safe.
Is the whole email a hyperlink?
Be careful! Some phishing scams make the whole email a hyperlink - any click on the email will trigger the attack.
If you have any doubts, do not click any links. Ask your IT team to make sure everything is OK before proceeding.
Keep your company’s data safe
When it comes to protecting your company from phishing attacks, the right mix of training and technology will make a difference!
Remember, your users are the company’s best defense against cyber-attacks. Regular security awareness training will help them know what to look for and keep security top-of-mind.
Advanced Threat Protection
For an added layer of protection, you can check links in email and Office documents with Microsoft’s Advanced Threat Protection. If the URL looks to be suspicious, you’ll see a warning page.