Email is still one of the most effective forms of communication for most businesses. It’s fast, straightforward, and often the best way to reach a large number of people in a concise format. Unfortunately, email can also be the bane of our existence. It accumulates quickly, is forever growing, and can be a huge risk for businesses in the form of phishing scams or phishing attacks.

Phishing attacks are one of the most common forms of cyber threats. According to the 2021 edition of the Phishing Benchmark Global Report, 3 billion fraudulent emails are sent every day. The report also shows that one in every five phishing email recipients is prone to clicking on the enclosed malicious link.

We’ve all had moments when we are working through email quickly, trying to sort critical messages from those that can wait a little while to answer. And then the unthinkable happens: we open an attachment, click on a link, or answer a quick question and unintentionally open the door to a phishing attack. Today, we are taking a closer look at the indicators of suspicious emails (or texts), what you should do when you recognize a red flag, and how to proactively protect your business going forward.
What Are Phishing Attacks?
There are thousands of scammers out there trying to get unsuspecting computer users to inadvertently give up passwords, account numbers, or Social Security numbers. Phishing attacks are one such method used to gather information. More specifically, phishing is a type of social engineering attack used to steal user data, including login credentials and/or credit card numbers. It typically occurs when an attacker masquerades as a trusted entity such as a bank, organization, or business that you are familiar with. In fact, you may deal with the genuine organization on a regular basis and be accustomed to getting emails from it. The attacker then tricks the victim into opening an email, instant message, or text message. The recipient may be misled into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
What Are the Indicators of a Phishing Email?
Let’s face it, we all open copious amounts of emails on a daily basis, and it would be fairly easy to open something malicious if we are distracted or in a rush. There are some red flags that every user should watch for when going through their inbox. Scammers are known to update their tactics to keep up with the latest news or trends, but here are some common tactics used in phishing emails or text messages:
Emails that use a generic greeting and do not use your name. These days, adding personalized greetings using your name or your business’s name is fairly easy and most reputable companies utilize this method of communication. If the email starts with a generic "Dear sir or madam" that's a warning sign that it might not really be your bank or shopping site.
Emails, texts, or messages that demand urgent action should raise a red flag. Be very wary of communications that push you to act immediately, whether to claim a prize or award or to avoid some form of penalty such as a late charge. Creating a false sense of urgency is a common trick of phishing attacks and scams. Scammers do that so that you won't think about it too much before you click, answer, or open it.
Spelling or Grammatical Errors
Most businesses have editors who proof each and every email that is sent to clients. Rarely are there spelling errors or grammatical faux pas in written form. While phishing scams have gotten smarter about checking for errors, if you spot errors, this could be a huge indicator that the email or text is not legitimate. Think twice about opening or clicking on any attachments.
Unknown or Infrequent Sender
We all know the organizations and companies that we deal with on a daily basis. New companies or companies that rarely interact with yours should put employees on high alert that the email may be fraudulent. It’s best to check with the company prior to responding or filling out any forms to ensure that they are the sender of such a form.
Attachments or Links
Always be suspicious of attachments or links that are asking you to update your personal information online via that email. Often companies will direct clients to head over to a website and verify their identity before making any updates.
Email Domains That Don’t Match
Take the extra time to confirm that the email domains match who is sending the email. For instance, if the email claims to be from a bank, credit card company, or other business you interact with regularly, hover over the link to confirm that the address is to the correct company. If you notice it is from an address that does not match, do not click.
Steps To Take Upon Spotting a Suspicious Email
If you suspect that an email or text message you received is a phishing attempt, take the following steps along with reporting the incident to your IT department or manager.
Don’t open the email.
If you have already opened it, be sure not to click on any links or attachments.
Do not reply to it. In other words, do not fill out any information that could help them identify passwords.
Report the email to your IT department or Managed IT Company.
Delete the email to ensure that you do not accidentally open it.
Forward phishing emails to [email protected] (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme. And report it to the FTC at FTC.gov/Complaint.
The first line of defense against phishing scams is a well-trained workforce that knows which signs in text messages and emails indicate a red flag. Conditioning employees on how to spot and report potential phishing scams should be a top priority. The mentality of “see something, say something” should be used in these situations.

Spam filters can only do so much to weed out potentially malicious emails, so consider adding new software that can help beef up your security. Additionally, every business (and individuals as well) should protect accounts by using multi-factor authentication. This gives yet another layer of security against a scammer getting into accounts that they have used social engineering to infiltrate. With MFA, each account requires two or more credentials for login to occur. A further level of security is to back up data on a regular basis so that if the worst should occur, your business will not suffer additional downtime or recovery time.

Cybercriminals are becoming savvier with every day that passes. And just like everything else, phishing scams continually evolve. Work with our team regarding training and updating your security to ensure that your organization does not fall victim to phishing scams.