Something’s Phishy: How to Recognize Phishing Attacks

Unfortunately, phishing emails are becoming more and more common. These emails often look like they’re coming from trusted sources, but instead contain links to malicious sites or harmful downloads.

According to the FBI, phishing scams cost American companies $215 million annually. This amount is expected to rise due to the increasing use of mobile devices like tablets and smartphones by end-users.

Here are a few signs, shared by IT service technicians, to help employees recognize phishing attacks:

1. Look at How the Email Is Phrased

If you see an email that includes any of the following, beware:

  • Typos or grammatical errors. It’s surprising how many phishing scams aren’t spell-checked, but this low level of writing often indicates that the cyber-criminal is casting a wide net.
  • A generic greeting like “Dear Customer” rather than a personalized greeting like “Dear Bill”.
  • Broad statements such as “We have noticed suspicious activity on your account” that neither name the account holder nor include part of the account number.
  • Language that leads you to click on a link without thinking, such as “Click here for more information.” If the contents of the email reference something that might interest you, search for it online instead of clicking links inside the message itself.
  • Statements that try too hard to sound official. “Please enter your account number below…” can be an easy giveaway, since legitimate companies will never ask for sensitive information through an insecure channel like an email.
  • Phrases that urge you to take action quickly like “act now” or “reply immediately.” Most companies don’t send their users emails with this type of tone, and if they do, you’re more likely to be expecting this kind of email.

2. Always Double-Check the Source

Even if a message appears to be coming from someone you know, take a moment to check their identity. It’s very common for cybercriminals to use social media sites in order to acquire your contact information.

For example, if you receive an email that appears to come from your bank or credit card company asking for personal information, take a minute to make sure it’s authentic. If possible, always call the company at a publicly listed number to determine whether the message is valid.

Be aware of emails that include logos and phrases commonly used by well-known reputable companies in an effort to make you “trust” the message (e.g., PayPal, eBay, etc.).

Fraudsters use these popular trademarks in order to trick users into clicking on links that take them to malicious websites or downloads that will actually harm their computer or steal their private information.

Never provide personal information via email or over the phone unless you initiate the contact and know who you’re talking to.

3. Pay Attention to the URL

Before entering any personal information on a website, make sure you know exactly who you’re giving it to. Phishers will often set up fake websites that look identical to another site in order to steal people’s information, or will sometimes slightly misspell the real website address to avoid spam filters.

Simple Ways to Check

Do not click on links in emails without first verifying that the email is from a legitimate source. If possible, open a new browser window and type in the web address yourself, rather than clicking a link in an email.

When you receive a suspicious email, hover over any links to see if they’re taking you to legitimate sites or not. Fraudulent emails often take users to fake websites disguised as their intended target—but these sites are designed only to steal passwords and other personal information.

If possible, find the real address of the company’s website so you can be sure the link doesn’t point to a deceptively similar web address. Never use shortened URLs – always cut and paste the web address into your browser window to check its validity.
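The hover check, the misspelled-address warning and the shortened-URL warning above can also be run automatically over an email’s HTML body. The Python sketch below is an added example, not part of the original article; the trusted-domain and shortener lists, the 0.8 similarity threshold and the sample body are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "ebay.com"}  # assumed allow-list (constructed)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed shortener list

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host_of(url):  # lower-cased host without a leading "www.", "" if none
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def audit_links(html_body):
    """Return {href: [reasons]} for links that deserve a second look."""
    parser, findings = LinkCollector(), {}
    parser.feed(html_body)
    for href, text in parser.links:
        host, text, reasons = host_of(href), text.strip(), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append(f"text shows {shown}, link goes to {host}")
        if host in SHORTENERS:
            reasons.append("shortened URL hides the real destination")
        if not any(host == d or host.endswith("." + d) for d in TRUSTED):
            base = ".".join(host.split(".")[-2:])  # rough registered domain
            for d in sorted(TRUSTED):
                if d in host or SequenceMatcher(None, base, d).ratio() >= 0.8:
                    reasons.append(f"imitates {d} but is a different site")
        if reasons:
            findings[href] = reasons
    return findings

CONSTRUCTED_SAMPLE = """<a href="http://paypa1.com/login">www.paypal.com</a>
<a href="https://bit.ly/3xAmPle">Click here for more information</a>
<a href="https://www.paypal.com/help">PayPal help</a>
<a href="http://paypal.com.account-verify.example/">Verify</a>"""
```

Calling `audit_links(CONSTRUCTED_SAMPLE)` flags three of the four links and leaves the genuine `www.paypal.com` link alone. Taking the last two labels as the registered domain is a simplification that mishandles suffixes such as `co.uk`; a production check would use the Public Suffix List.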

Domain names

Phishers are good at appearing authentic, so it can be difficult to tell whether or not they really are who they say they are. One sign is if the sender uses free webmail services instead of their own domain name (for example, @gmail.com vs @apple.com).

A company with its own domain name has invested money in creating its online presence, so it is more likely to be legitimate. Emails that come from free webmail services are often easier for phishers to forge because they can use any email address in the “from” field. Keep this in mind when you’re on the lookout for signs of authenticity.

Final Thoughts

Protecting yourself and learning to recognize phishing attacks is always better than worrying about damage control after the fact.

Preventative measures that companies take include the use of spam filters and anti-virus software. These measures are fairly effective, but they cannot stop all phishing attacks from occurring.

Fusion Technology Solutions can help your business find the right cybersecurity measures for your unique needs. If you’re ready to take your security to the next level, contact us today.