Since the start of COVID-19, there has been a 300% increase in reported cybercrimes in the United States. With employees now relying on email communication more than ever, the risk of cyber-attacks has dramatically risen, and while there are several forms of cybercrime, phishing scams remain the leading cause of cyber-attacks worldwide.

A phishing attack is a form of social engineering where cyber criminals attempt to trick individuals by creating fraudulent emails that appear to be from a credible source, such as a colleague or manager. However, these emails contain malicious attempts to steal passwords, ask for money, or include links to infect your computer with malware.

While these attacks are constantly evolving, there are a few major ways you can spot a phishing attempt.

1. The email address and domain are incorrect.

Often, phishing emails have inconsistencies in email addresses. Many phishing emails are sent from public email domains such as “@gmail.com” or a variation of your company’s domain. Instead of “@company.com,” the hacker might use “@company23.com.” While the sender’s name might appear to be a boss or colleague, if the email domain does not match up, it is very possibly a phishing attempt. Check the sender’s email address by hovering over their name to confirm the legitimacy of the email address and domain.

2. The email text includes many spelling errors.

If you receive an email from your financial institution, for example, that is littered with spelling and grammar mistakes, it is a good indicator of a phishing attempt. Most companies use spell-checking tools to eliminate these kinds of mistakes especially when communicating with customers.

3. The email asks you to confirm personal information.

Businesses do not ask for personal information such as login credentials or social security numbers over email. If you receive an email asking for this type of information, especially as an urgent request, it is likely a phishing attempt.

4. The email includes suspicious links or attachments.

Typically, phishing emails will contain a malicious hyperlink embedded in the text. While the text says it points to xyz.com, it will actually send you to different, unsafe URL where hackers could install malware onto your device. Always check hyperlinks before you click on them. To do so, hover over the text or image that is embedded to see where the URL is pointing to. If it doesn’t match the organization’s site name, it is probably malicious.

These are a few of the major ways to spot a phishing attempt if it hits your inbox. As hackers become savvier, so do their scams. It is important to be alert, and if you do receive an email that you believe is a phishing attempt, it is important to alert your IT department immediately.