What are phishing emails and how much damage can they do to businesses? Phishing emails are a type of scam where criminals send an email that appears to be from a legitimate vendor or client and ask you to provide sensitive information or, worse, a payment. According to Forbes, in 2019 they cost businesses over half a billion dollars. You need to know how to spot email phishing attacks.
These emails often look like they’re from a company you know and trust. This could be a client, bank, colleague, or vendor. Many times, they tell a narrative in an attempt to trick you into clicking a link or opening an attachment. (Never open an attachment from someone you do not know; that can be the start of a hack into your network.) Good scammers can easily create an “official” looking email to deceive you and your clients.
Scammers using this type of attack often have hacked into your email account to monitor your business communications and obtained an understanding of your company’s personnel, processes and procedures, and clients. They can then pose as a vendor, and trick you into paying an “overdue bill” or “last-minute charge” on a work order.
One of the most dangerous aspects of this type of attack to your business is that it can also be used against your customers. Scammers can pose as you and send fake invoices to your clients to fraudulently collect money. This can put your company in a precarious position with clients. Network security is vital to the continuity of your business. Here’s how to spot email phishing scams.
How to spot email phishing:
- Legitimate companies use domain emails. For example, an email from UPS (www.ups.com) would come from email@example.com, not firstname.lastname@example.org. You can see the email address by hovering over the sender’s name.
- The message is designed to make you panic. They have a sense of urgency, trying to make you act before you think.
- They ask you to click a link to expedite a payment. This is usually done through a method of payment not standard to your company such as an EFT or wire transfer.
- They say there is a problem with your account. They ask you to “confirm” some personal information to update your account. What they’re really doing is getting you to volunteer this information. Never volunteer anything.
- They know too much about you. Sometimes a hacker may have information that seems to validate their identity. They’ve done their research. Does it make sense they know this information? Are they “name dropping”?
- They don’t know enough about you. The email is addressed to “Dear customer” or “Dear account holder” and not your name.
- Spelling and grammatical errors. English is a second language to foreign hackers and they’re not good at it.
- Everything is a link. Don’t click on anything! Sometimes an entire email can be a hyperlink. Therefore, clicking anywhere on it will take you to a malicious website or start a malicious download.
- They claim to be a Nigerian prince.
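The sender-domain, urgency, generic-greeting and link-hover checks from the list above, written out as an added Python example that is not part of the original post. The function names, the urgency word list and the `vendor.example` domains are assumptions for illustration, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear account holder")  # quoted in the list above
URGENCY_WORDS = ("overdue", "last-minute", "urgent", "immediately")  # assumed word list
# Constructed sample: a fake invoice posing as vendor.example (reserved test domains).
SAMPLE = ('From: "Vendor Billing" <accounts@vendor-billing.example>\n'
          "Content-Type: text/html\n\n<p>Dear customer,</p><p>Your invoice is overdue. "
          '<a href="http://pay.vendor-billing.example/wire">www.vendor.example/invoice</a></p>')

class LinkCollector(HTMLParser):
    """Collect the real target of every <a> tag: what hovering over a link shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_matches(host, domain):
    """True if host is the expected domain or one of its subdomains."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email, expected_domain):
    """Return indicator names for a single-part HTML or text message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumption: not multipart, not base64-encoded
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if not host_matches(addr.rpartition("@")[2], expected_domain):
        findings.append("sender-domain-mismatch")
    text = re.sub(r"<[^>]+>", " ", body).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    if any(w in text for w in URGENCY_WORDS):
        findings.append("urgency")
    links = LinkCollector()
    links.feed(body)
    if any(t.scheme in ("http", "https") and not host_matches(t.hostname, expected_domain)
           for t in map(urlparse, links.hrefs)):
        findings.append("link-off-domain")
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "vendor.example"))
```

These are triage hints rather than a verdict: legitimate mail sometimes links off-domain, and a message that trips none of the checks can still be a scam.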
How to protect yourself from phishing attacks.
- Protect your computer network by using security software.
- Update your mobile phone and tablet to the latest release.
- Use multi-factor authentication.
- Protect data by backing it up.
- Do not click on or respond to suspect emails; forward them to the authorities.
- Hover over links without clicking to see where they link to.
- Be aware of the tricks listed above and always read between the lines.
- Don’t click links in texts.
- Don’t trust princes who can’t afford slippers.
If you believe you’ve received a phishing email, forward it to the FTC at email@example.com and to the Anti-Phishing Working Group at firstname.lastname@example.org. If you got a phishing text message, forward it to SPAM (7726). Report the phishing attack to the FTC at ftc.gov/complaint.
Responza’s highly trained and motivated team of technology pros can design and implement your network today. We can provide training to help you avoid phishing and other common scams. Call Responza today to find out how we can help. In Charleston call (843) 990-9200, Seattle (206) 762-5100, or click the contact link below.