Check the TIPC: Timing / Intent / Person / Content
If you are anything like me, you are overwhelmed with emails each and everyday. It is getting challenging to often determine which emails are real, and which may be phishing for our information. There are four easy aspects to any email that you can practically scan within seconds to determine if the email is real or fake.
Before opening an email - and especially before opening any attachments or clicking links
contained in the email - take a closer look and think about these 4 aspects.
- Timing: Is the timing of the email correct? Are you expecting an invoice from someone, a document from someone, a file from someone? If not then be a little suspicious.
- Intent: What is the intent of the email? If it’s trying to get you to do any of the following then you should be a little cautious:
- Enter your PII.
- Open/click on an attachment.
- Click on a link to a web page.
- Person (from): There are a couple of things to watch relative to who the email is from.
- Does the “From:” name match the name in the body of the email? If all you see is a name in the “From:” section then, depending on your email program, there are various methods to see the full email address so you can, for example, look for spelling mistakes in business names (e.g. John.Smith@feddex.com).
- Does the email have a signature? Often whaling attacks are disguised as an email coming from a CEO’s mobile device that often do not have official company signatures attached to the name.
- Person (to): Now look at the “To:” section of the email.
- Is it addressed to only you and others you know? If there are other email addresses in this section you do not know, it may be a spam email.
- Is the body of the email personalized (i.e. not just the typical “Dear Customer”)? This does not always mean the email will not contain malware, but it can dramatically cut down on your risk of falling for a general phishing attempt.
- Content: Are there spelling mistakes or grammatical errors in the email? Does the content of the email make sense? Would a CFO of a company be emailing you a receipt? Would your CEO be emailing you asking for a money transfer to be made?
After time and practice, you will be able to scan any email for these 4 things within seconds. If any of these 4 areas appear off (your "spidey-sense" is tingling), then take a sip of coffee, slow down a little, and take a few extra steps to make sure you are not victimized.