4) Security Risks Part 2

1) The message is sent from a public email domain

No legitimate organization will send emails from an address that ends ‘@gmail.com’.

Not even ​ (a)   .

Except for some small operations, most companies will have their own ​ (b)   . For example, genuine emails from Google will read ‘@google.com’. If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably ​ (c)   . By contrast, if the email comes from an address that isn’t affiliated with the apparent sender, it’s almost certainly a ​ (d)   .

2) The domain name is misspelt

There’s another clue hidden in ​ (a)   that provides a strong indication of phishing scams ­– unfortunately, it complicates our previous clue.

The problem is that ​ (b)   a domain name from a registrar. And although every domain name must be unique, there are plenty of ways to create addresses that are​ (c)   from the one that’s being spoofed.

3) The email is poorly written

You can often tell if an email is a ​ (a)   if it contains ​ (b)   spelling and grammar.

Many people will tell you that such errors ​ (c)   ‘filtering system’ in which cyber criminals ​ (d)   only the most gullible people.

4) It includes suspicious attachments or links

Phishing emails come in many forms. We’ve focused on emails, but you might also get scam ​ (a)   messages, phone calls or ​ (b)   posts.

But no matter how phishing emails are delivered, they all contain a ​ (c)   . This will either be an infected attachment you’re asked to download or a​ (d)   to a bogus website.

5) The message creates a sense of urgency

Maybe you realize that the organization doesn’t contact you by that ​ (a)   address, or you speak to a colleague and learn that they ​ (b)   a document. That’s why so many scams request that you ​ (c)   , or else it will be too late.