Phishing emails are becoming more common, and are posing a serious threat to civil society organisations across Africa. These deceptive messages can compromise your organisation’s security, leading to data breaches and financial loss. This guide will help you identify phishing emails and protect your organisation from cyberattacks.
What is Phishing?
Phishing is a cyberattack where attackers disguise themselves as trustworthy entities to trick individuals into revealing sensitive information. These emails often look legitimate, making it crucial to know how to spot them (there are usually signs 😉).
Key Indicators of Phishing Emails
1. Suspicious Sender Address
Always check the sender’s email address. Phishing emails often come from addresses that mimic legitimate ones, but with slight variations. For example, an email from “info@yourbank.com” is legitimate, but “info@yourbannk.com” is not. Read carefully to spot these errors.
2. Generic Greetings
Phishing emails frequently use generic greetings like “Dear User” instead of your actual name. Legitimate organisations usually personalise their emails.
3. Urgent or Threatening Language
Be wary of emails that create a sense of urgency or fear, urging you to take immediate action. They are most likely phishing emails, and the trick is to make you take an urgent action that will lead you to a vulnerable situation. Don’t fall for it! For example, a message saying that “Your account will be suspended if you don’t verify your information now!” The message is usually written in bold, and maybe red letters too.
4. Unsolicited Attachments
Avoid opening attachments from unknown or unexpected sources. Phishing emails often contain malicious attachments designed to infect your device with malware.
5. Hyperlinks Leading to Unfamiliar Websites
Hover over links to see the actual URL. Phishing emails often include links that lead to malicious websites. The moment you click these links, you open yourself up for an attack. Until you are sure of the link, do not click it as a link that says “www.yourbank.com” might actually be leading you to “www.scamwebsite.com“.
- Examine the Email Content for Grammar and Spelling Errors
Many phishing emails contain awkward phrasing, incorrect grammar, or spelling mistakes, which are often signs of a scam. Most scammers probably didn’t finish high school 🤣. They can spell the word ‘reschedule’ as ‘reshedule’. So always be on the lookout for wrong grammar and spellings.
- Too good to be true offers
If you get an email with an offer that seems too good to be true, such as winning a lottery you didn’t enter or receiving a gift card without reason, you should be wary of it as it could be a phishing attempt.
- False Alarms
Phishing emails often claim that your account is compromised or that there is suspicious activity, just to lure you into providing your details. If you saw the movie ‘The Beekeeper’, you have an idea of how this looks.
- Unusual Requests
Legitimate companies will never ask for sensitive information like passwords, Bank Verification Numbers, or credit card details via email. If an email requests this information, it’s likely a phishing attempt.
- Odd Timing
Receiving an email from a company or contact at an unusual time, like in the middle of the night, could be a red flag. Make sure to check what times you usually receive emails from that organisation if you suspect a phishing attack.
Steps to Take if You Suspect a Phishing Email
1. Do Not Respond or Click Any Links
Do not interact with the email. Responding or clicking links can expose your information or download malware onto your device. The best way to not fall prey is to not take any action, just ignore.
2. Verify the Sender
You can also contact the organisation directly, using a known phone number or email address to verify the email’s authenticity before you take any action on the email.
3. Report the Email
Report the suspicious email to your IT department or email provider. Many services have mechanisms to report phishing attempts. This will ensure that action is taken on them, and others don’t fall prey to their scams.
4. Delete the Email
Once reported, delete the email from your inbox and trash folder to prevent accidental interaction. You don’t want to ‘mistakenly’ click a malicious link or download malware to your computer.
Phishing emails pose a significant risk to African Civil Society Organisations and human rights defenders. By staying vigilant and educating your team, you can protect your organisation from these cyber threats.
Remember to always verify the sender, be cautious of generic greetings and urgent language, be wary of overly good offers, suspicious forms, even unsubscribe links, and avoid unsolicited attachments and suspicious links.
Together, we can create a more safe and secure digital space for human rights defenders in Africa to do good work in.