Phishing emails are a form of social engineering, designed to trick unsuspecting recipients into revealing their most sensitive account numbers or login credentials. Not only is it easy to copy and paste bank logos off of websites, criminals can even make their emails and links look as though they are legitimate. Plus, it’s virtually impossible to track down these criminals thanks to the veil of anonymity the Internet provides.
Phishing gets its name from fishing. As when trying to catch a fish, hackers cast their lines by sending emails that appear to be from legitimate organizations — all with the hope that someone will take the bait and enter the information or credentials requested.
Once you’ve been phished, your identity is compromised. Hackers can then access your account or use the information you provided to forge your identity. Even if it’s a minor account, you should be concerned. For example, you may not be overly concerned if someone were to log into your Pinterest account. After all, you just pin arts and crafts ideas there. However, if you use the same username and password across all of your accounts, the hackers could easily attempt to log into various financial websites. Next thing you know, they have unfettered access to your bank or retirement accounts!
The problem is even worse for businesses, where dozens of employees may be using weak passwords and may be easy to trick. So how do you protect your business from these attacks?
Fortunately, phishing emails tend to be obvious, especially if you know what to look for. Rather than taking the bait, look for the following five clues that an email may be a phishing scam:
1. Suspicious URLs — It’s easy to disguise a link using descriptive text rather than the actual URL. For example, a link labeled “BankofAmerica.com” doesn’t necessarily point to the legitimate Bank of America website; it could actually link to a bogus site or one similarly named (to add to the trickery). Some links will take you to a fake login page while others might take you to a malicious web page where malware will download itself onto your computer. Both cases are dangerous, making it smart to do a little investigative work before you click. This is as simple as hovering over the link to view the actual link destination. The URL is typically displayed in the bottom portion of your email client.
A good practice is to avoid clicking links in email completely. If the email prompts you to go to your bank’s website, don’t click the provided link; instead, type the known URL of your bank manually into your browser’s address bar.
2. A request for personal information — Financial institutions, the IRS, and other organizations do not request sensitive information such as credit card numbers, Social Security numbers, login credentials, and so on via email. Even if the email appears to be from someone you know, even your local banker, be suspicious. Why do they need it? And if they need it, why are they using email? Most organizations, especially large ones, will contact you via regular mail first. Even if you feel the request is legitimate, do not send sensitive information via email. Call the person in question directly, using information you already have (and not the phone number supplied in the possible phishing email).
3. Unprofessional presentation — Does the message contain spelling or punctuation errors? Is it in broken English? In general, large organizations take professional communication seriously and would never send a message loaded with spelling and grammar errors. Similarly, some phishers will purposely misspell certain words that might otherwise flag their messages as spam or a scam.
4. Messaging that makes no sense — Is it really possible you just won some random lottery for millions of dollars? And why would a health insurance company you don’t use send you an email warning you that your insurance is about to be cancelled unless you make a payment? Be logical. Do you enter contests and lotteries? Does an offer sound too good to be true (hint: it’s probably a scam)? Is this a company with whom you have a relationship? And if you do have a relationship with the company, does the message make sense?
5. Attachments — Unsolicited email attachments are one of the most common means of spreading malware and ransomware. The attached file might look legitimate, with a name like resume.doc or shippinginvoice.pdf, but don’t be fooled. It’s probably an executable file or a ZIP file containing malware. If you didn’t request it, don’t open it.
Educating your team about these threats and protecting your network with an anti-spam solution are your two best defenses against email phishing scams. Contact Quikteks at (973) 882-4644 to find out how you can prevent dangerous spam and phishing emails from impacting your business.