Phishing emails are the scammer’s way to trick unsuspecting recipients into revealing account numbers or login credentials. Because it’s easy to copy and paste bank logos from websites, criminals make their emails and links look legitimate, but if you know what to look for, you won’t be fooled.
As when trying to catch a fish, hackers cast their lines by sending emails with attention-grabbing subject lines that appear to be from legitimate organizations, hoping that someone will take the bait and enter the information or credentials requested.
Once you’ve been phished, hackers can access your accounts or use your information to steal your identity. Even if it’s a minor account, you should be concerned. For example, you may not be too worried about your Pinterest account, but if you use the same username and password on your other accounts, the hackers could use that info to access your bank or retirement funds!
You may have dozens of employees who use weak passwords and who may not be wise to these hackers. So how do you protect your business from these attacks?
Fortunately, phishing emails tend to be obvious, especially if you know what to look for. Rather than taking the bait, look for these five clues that an email may be a phishing scam:
A link labeled “BankofAmerica.com” doesn’t necessarily point to the legitimate Bank of America website; it might link to a bogus site which could even be similarly named. The link will take you to a fake login or malicious web page where malware will download itself onto your computer.
Check before you click: hovering over the link will show you the actual link destination. The URL is typically displayed in the bottom portion of your email client. You may also be able to see that the return email address is not legitimate.
Best practice is to avoid clicking links in any email. It’s simple to create a bogus link. If you want to check a suspicious email with your bank, enter the known URL manually in your browser’s address bar.
Financial institutions, the IRS, and other organizations do not request sensitive information such as credit card numbers, Social Security numbers, login credentials, and so on via email. They use regular mail. Even if the email appears to be from someone you know, be suspicious. Why do they need it, and why are they using email? Even if you feel the request is legitimate, do not click or reply. Call the person in question directly, and don’t use the phone number in the possible phishing email.
Does the message contain grammatical, spelling, or punctuation errors? Large organizations would never send an unprofessional message loaded with errors. Also, phishers sometimes misspell certain words that might trigger your spam filter.
You won a lottery you never entered, you have an outstanding warrant for a ticket you never got, or your health insurance is apparently about to be canceled. Really? Be logical. Before you panic and click, does the message even make sense?
Email attachments are the most common means of spreading malware and ransomware. The attached file, even with a name like resume.doc or shippinginvoice.pdf, is probably an executable file or a ZIP file containing malware. If you didn’t request it, don’t open it.
Educating your team about these threats and protecting your network with an anti-spam solution are your two best defenses against email phishing scams. Contact Quikteks at (973) 882-4644. We can help.