Don’t click on that email! Most people simply don’t have the time to carefully analyze every message in their inbox. Today’s employees are expected to respond to emails immediately, prioritize the needs and expectations of the senders, and organize their inboxes to create some structure and consistency in the day-to-day work. But it is imperative to protect oneself and one’s organization from one of the most common forms of cyber-attacks – Phishing.
Phishing emails are attempts by scammers to trick the recipient into clicking a malicious link or entering confidential information that can then be used for fraud. A single click can hand an attacker a foothold on the network, and before you know it your company’s data is encrypted by ransomware. An employee who types credentials into a form linked from an email can give attackers access to private employee and client information, to be used as they please. Often, attackers spoof or mimic the name and address of an employee or senior executive so that recipients believe they are dealing with someone they know and trust.
Phishing is one of the easiest attacks for cybercriminals to carry out, and email is the most common delivery method. Scammers target unwary users who don’t think twice about revealing usernames and passwords, personal or private data, and financial data such as credit card details and banking credentials.
Some emails are crafted to look like an update from your bank or a notice about one of your online accounts. Others claim you placed an order and ask you to “verify” your credit card details. Attackers frequently target staff in the finance or human resources department of a business. They copy the branding and layout of the organization they are impersonating, and their links lead to a fake website that looks like the real one but sits at a slightly different address.
When a user clicks a link in a phishing email, they usually land on a counterfeit copy of the legitimate site they expected to visit. A related technique is pharming: the attacker tampers with name resolution, for example by modifying the hosts file or DNS settings on an infected machine or by poisoning a DNS resolver, so that the user reaches the fake site even after typing the correct address or using a bookmark. There are several ways to detect and defend against both.
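The hosts-file form of pharming described above is easy to check for. The following is an added example, not code from the original article: it parses hosts-file text and reports any watched hostname that is pinned to a routable address. The list of watched domains and the sample hosts file are constructed for the example; 127.0.0.1 and 0.0.0.0 entries are left alone because they are the normal ad-blocking pattern rather than a redirect.

```python
# Added example: spot hosts-file entries that redirect a watched domain to a
# non-loopback address (the hosts-file form of pharming). Sample data is constructed.
import ipaddress

# Assumed watch list for this example; not taken from the original page.
WATCHED_DOMAINS = {"www.bankofamerica.com", "login.microsoftonline.com", "mail.example.com"}


def parse_hosts(text):
    """Yield (hostname, ip_address) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line; not what we are looking for here
        for name in names:
            yield name.lower(), ip


def pharming_entries(text, watched=WATCHED_DOMAINS):
    """Return (hostname, ip) for watched names mapped to anything other than
    loopback or the unspecified address; those two are benign blocklist entries."""
    return [(name, str(ip)) for name, ip in parse_hosts(text)
            if name in watched and not (ip.is_loopback or ip.is_unspecified)]


# Constructed sample hosts file: two benign entries, one blocklist entry,
# and two planted redirects (one IPv4, one IPv6).
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.tracker.example        # blocked on purpose
203.0.113.7     WWW.BANKOFAMERICA.COM      # planted by malware
2001:db8::beef  login.microsoftonline.com  # planted by malware
"""

if __name__ == "__main__":
    import sys
    # /etc/hosts on Unix-like systems; on Windows pass
    # C:\Windows\System32\drivers\etc\hosts as the argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/hosts"
    with open(path) as fh:
        for name, ip in pharming_entries(fh.read()):
            print(f"{name} is pinned to {ip}")
```

Run it against the live hosts file with the path as the first argument; any output line is a redirect that nobody on the help desk should have added.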
How to spot a phishing email
1. URL manipulation
The visible text of a link and the address it actually points to are two different things. Hover over the link and compare the real destination with what is displayed; if they don’t match, don’t click. Attackers rely on exactly this gap: the anchor text looks legitimate while the underlying URL leads to malicious content.
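The same hover check can be automated for an HTML email body. Below is an added example, not code from the original article: it collects every anchor, and where the visible text itself names a host, compares that host with the host in the href. The registrable-domain helper is a deliberate simplification (last two labels, which is fine for .com-style names but not for co.uk; a real tool would use the Public Suffix List), and the sample email body is constructed.

```python
# Added example: flag HTML anchors whose visible text names one host while the
# href points at another. Sample email body below is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches a bare hostname or a URL inside visible link text (group 1 = host).
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: adequate for .com-style names; use the Public Suffix List in production."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def find_mismatched_links(html):
    """Return anchors whose displayed host differs from the href's host."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        parsed = urlparse(href)
        if parsed.scheme not in ("http", "https"):
            continue  # mailto:, tel:, etc. carry no host to compare
        shown = HOST_RE.search(text)
        if not shown:
            continue  # plain words like "click here": nothing to compare against
        shown_host = shown.group(1)
        actual_host = parsed.hostname or ""
        if registrable(shown_host) != registrable(actual_host):
            findings.append({"text": text, "href": href,
                             "shown": shown_host, "actual": actual_host})
    return findings


# Constructed sample: one look-alike link, one harmless "help center" link,
# and one link whose text and href agree.
SAMPLE_HTML = """<p>Please review your account:
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/myaccount</a>
or contact <a href="https://www.paypal.com/help">our help center</a>
or visit <a href="https://www.paypal.com/myaccount">www.paypal.com</a>.</p>"""

if __name__ == "__main__":
    for f in find_mismatched_links(SAMPLE_HTML):
        print(f"shown {f['shown']!r} but href goes to {f['actual']!r}")
```

Note that the first sample link is the classic trick: the real domain appears as a leading label of a longer hostname, so eyeballing the left-hand side of the address is not enough.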
2. Use of public email domain
Legitimate organizations send from their own business domain, usually their company name, not from a public webmail domain such as gmail.com or outlook.com. Attackers also register look-alike domains that differ from the real one by only a character or two, so the difference is easy to miss.
Trick: Verify the organization’s real domain by looking up the company on a search engine, then check the sender’s full email address, not just the display name. Many of us skip past the address and jump straight into the content, which is often how people get caught.
3. Unexpected order confirmation
An order confirmation for something you never bought is a sign of phishing. Attackers ask you to verify your shipping address, reschedule a delivery, or check a delivery status to lure you into clicking a link.
Tip: Be alert if the message asks for your password or social security number. Legitimate companies have established ways of requesting personal information, and email or instant message is not one of them. Seeing such a request in an email is already a huge red flag.
4. Threatening email subject lines
One clear sign of phishing is an email that tries to provoke panic. Notorious subject lines include “Urgent action required” and “Your account will be closed.” This tactic exploits anxiety and fear, the usual hook scammers use to get your credit card information or online banking credentials.
5. Poorly written
Many phishing campaigns are automated or written by non-native English speakers, so grammatical mistakes and misspellings are a strong indicator. The same applies to domain names: watch for misspelled versions of familiar brands, for example http://miicrosoft.com or http://bankoofamerica.com.
Reputable organizations, including non-profits, have their customer emails written and proofread for grammar, spelling, and punctuation, so sloppy writing in a message claiming to come from one should raise suspicion. Some scam emails are deliberately written poorly so that only the most gullible targets respond.
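Sections 2 and 5 above both come down to inspecting the sender’s address: is it on a public webmail domain, does the display name claim a company that the address domain does not back up, and is the domain a one- or two-character imitation of a real one? The following is an added example, not code from the original article, that runs those three checks over a From: header. The list of public mail domains, the list of known brand domains, and the sample headers are constructed assumptions; a deployment would substitute its own.

```python
# Added example: score a From: header for public mail domain, look-alike domain,
# and display-name/brand mismatch. Domain lists are assumptions for this example.
import re
from email.utils import parseaddr

# Assumed lists; a real deployment would use its own brand list and a fuller
# free-mail list.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
KNOWN_DOMAINS = {"microsoft.com", "bankofamerica.com", "example.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(domain, known=KNOWN_DOMAINS, max_distance=2):
    """Return the known domain that `domain` imitates, or None if exact or unrelated."""
    domain = domain.lower()
    if domain in known:
        return None
    closest = min(known, key=lambda k: edit_distance(domain, k))
    return closest if edit_distance(domain, closest) <= max_distance else None


def check_sender(from_header, own_domain="example.com"):
    """Return a list of human-readable findings for one From: header."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain in PUBLIC_MAIL_DOMAINS:
        findings.append(f"sent from public mail domain {domain}")
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"{domain} looks like {imitated}")
    # Display name drops a brand (or our own company name) that the address
    # domain does not back up, e.g. "Microsoft Support <x@gmail.com>".
    name_words = set(re.findall(r"[a-z0-9]+", name.lower()))
    for known in sorted(KNOWN_DOMAINS | {own_domain}):
        brand = known.split(".")[0]
        if brand in name_words and domain != known:
            findings.append(f'display name mentions "{brand}" but address is @{domain}')
    return findings


if __name__ == "__main__":
    # Constructed sample headers: a look-alike, a genuine sender, and a
    # "CEO on webmail" impersonation.
    for hdr in ("Microsoft Account Team <security@miicrosoft.com>",
                "Bank of America <alerts@bankofamerica.com>",
                "Example Corp CEO <ceo.example@gmail.com>"):
        print(hdr, "->", check_sender(hdr) or "no findings")
```

The brand-in-display-name check is the one most worth tuning for your own organization: set own_domain to your company’s domain so that a “CEO” writing from webmail is flagged, which is the executive impersonation the opening paragraphs describe.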
6. No signature
An email with no signature, contact information, or other sign of accountability may be phishing. Attackers don’t want recipients to trace the message back to them, so they generally omit contact details. Legitimate business emails carry a signature and contact information at the bottom.
Phishing emails trick you into clicking on a link or opening an attachment by:
- Creating a sense of urgency on confirming your personal information
- Including a fake tracking code or invoice
- Luring you to make a payment
- Claiming you’re eligible for government refunds or benefits
- Offering a giveaway or free coupons
How to protect your employees and your business from phishing:
- Encourage your users to think before they click.
- Look closely at an email before clicking any links or downloading any attachments.
- Visit the source directly rather than clicking the link in an email.
- Examine the website links and logos in suspicious emails you receive.
- Check the sender’s full email address, not just the display name; a look-alike address can closely resemble a genuine company address.
- Forward any suspicious-looking emails to your Managed IT Services Provider or your IT Department.
- Alert your Managed IT Services Provider or IT Department immediately if you suspect you have clicked or responded to a phishing email.
- Training is an effective way to educate your staff about the various methods cybercriminals use to steal data. Teaching employees what to do when it comes to a phishing email will protect your organization from malicious attacks.
These tips may seem rudimentary, but many people are unaware of these phishing signs. Educating yourself and your employees on how to spot phishing emails will lead to a more cyber secure organization. Rule of thumb: Don’t click on any links or open any attachments right off the bat. Sift through the details first–email address, sender’s name, and the authenticity of information–prior to opening any links or attachments.
If you click a link and nothing appears to happen, that does not mean you are safe. Some malware quietly opens a backdoor and sits idle, stealing passwords, employee or client records, and credit card information, while scanning your network for vulnerabilities in preparation for a later attack. Email filtering, regular backups, and round-the-clock monitoring of your network all help secure your data. Check out our white paper, A Guide to Understanding & Defending against Advanced Malware, on how to protect your network against the worst malware.