Phishing emails are attempts by criminals, disguised as a legitimate person or business, to gain access to sensitive information such as usernames, passwords, and financial or personal details. The intent is to use this information for illegal activities. Phishing has been around for nearly 20 years; the term was first used sometime around 1996 by hackers stealing America Online information. While the world of hacking is continuously changing and evolving its tricks to fool the end user, below are 5 things you should look for that are immediate red flags that an email is a phishing attempt.
Bad Grammar and Formatting
This sounds like it should be an obvious clue that the email is a fake, but thousands of end users fall for emails addressed to “Dear” or “Dear Customer” with no other identifier in the greeting. Unfortunately, in a world desensitized to the personal touch associated with human interaction, people do not seem to mind that a company will not always remember a customer’s name.
Phishing emails often contain different fonts and font sizes throughout the email and may also lack appropriate punctuation or contain misspelled words. In some emails the criminal will also use the word “kindly”, as in “Kindly reply by the end of the day with the information needed”.
Often the scammer resides in a different country. The scammers just are not familiar with the language or grammar of their target and this comes through in a poorly written email. If the end user does not notice the misspelled words, inappropriate and/or missing punctuation and varied font, they may be more likely to click a link or attachment intended to cause harm.
Claiming There is a Problem or Reward
Phishing emails will frequently claim that there is a problem with an account, a past due invoice or that suspicious activity has been identified. They will often note that immediate action is required to resolve the issue. The hardworking end user is immediately confused or scared and, in an effort to clear their good name, will quickly enter personal info to correct the issue.
The suggestion of free items is also good bait for the criminals. “Click Here to Claim Your Free Prize” is a good one, especially when sent out just before a holiday. Gift cards from popular online retailers are also often the bait. It has become so problematic that large online retailers like Amazon have designed entire websites to help their consumers spot fakes. Often the presumed reward will expire if not claimed immediately or within a short time frame.
A Suspicious Link or Attachment
Phishing emails may contain fake bills, attachments or links. These attachments or links make it easy for the end user to enter information or payment methods.
Phishing emails are often embedded with malware or ransomware. Once a link or attachment is opened, viruses will be downloaded to the user’s computer. Some viruses will enable the criminal to sit silently behind the scenes and collect data: user activity, keystrokes and other personal information. They gather this data over several days, weeks or months until the criminal deems it safe to execute their attack. This delay is a strategy on the part of the criminal, as the user will likely not remember the suspicious email they clicked on that could be linked with their hacked bank account. 30% of phishing messages get opened by target users and 12% of those users click on the malicious attachment or link. These numbers tell us that phishing works.
Something Off in The Email Address of The Sender
Hackers try to mimic a legitimate web or email address as closely as they can to trick the end user. Unless the end user pays close attention, the bogus information can be easily missed. An example would be @godaddy.work as opposed to @godaddy.com (notice the .work as opposed to the .com). Hackers will sometimes add an additional letter, number or symbol that blends in to a legitimate URL or email address, like godadddy.com, so the phishing email is easily missed.
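A mail filter or help desk script can automate the same check. The following is an added example, not part of the original article: it flags sender domains that swap the TLD or differ by a character or two from a trusted domain, and additionally accepts subdomains of trusted domains. The names TRUSTED_DOMAINS and classify_sender are hypothetical, and the sample addresses are constructed from the article's own examples.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation really corresponds with.
TRUSTED_DOMAINS = {"godaddy.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a char of a
                           cur[j - 1] + 1,             # add a char to a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_edits=2) -> str:
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return f"lookalike of {good}: TLD swap"
        if edit_distance(domain, good) <= max_edits:
            return f"lookalike of {good}: near-identical spelling"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("GoDaddy Billing <billing@godaddy.work>",
                   "support@godadddy.com",
                   "billing@godaddy.com",
                   "news@example.org"):
        print(f"{header:45} -> {classify_sender(header)}")
```

A "trusted" result only means the domain is spelled correctly; it does not prove the message really came from that domain.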
The Signature Lacks Detail
Legitimate emails will usually contain the information you need to contact the sender. Many phishing email attempts will appear to come from an internal domain, a CEO or CFO. These emails can be potentially devastating to small businesses as the target is usually someone in HR or Accounting who is ready to respond and please their superior. End users should be on the lookout for an email from a high-level executive in their own company who is sending them communication with an informal or missing signature.
What to do When You Receive A Phishing Attempt
If the email came from someone within your company, or someone you know, pick up the phone and call the supposed sender (do not reply to the email).
If the email contains a link, copy and paste the link into isitphishing.ai. This will help you determine if the link is of malicious intent.
If the email contains an attachment, do not open it. Think the attachment might be legitimate? Go to the sender’s trusted website directly (by entering the address in your browser manually) and download the attachment, or contact the sender to confirm.
Forward the email to your IT support provider for review.
How to Prevent Phishing Emails
The best way to prevent phishing emails is to employ an effective email filtering system. Filtering inbound and outbound email is crucial to protecting not only your business’s confidential information but also its reputation. Hate getting spam emails? Your customers will hate getting spammed by you through an outbound email hack even more.
Train employees on how to spot phishing emails. For SMBs that utilize a Managed IT Services provider, ask your provider if Security Awareness Training is included in your Managed Services Agreement. Testing employees also helps overcome the “Rules don’t apply” or “That stuff only happens to other people” mentality. And managers of employees who regularly catch phishing attempts can use this for employee recognition.
Phishing Is not Going Away
Studies show that cyber-attacks are increasing year over year and becoming more severe and more sophisticated. The profitability of these attacks and the anonymity available to cybercriminals on the dark web mean SMBs must continue to stay on top of network and email security.
Partnering with an experienced IT support provider like Radiant Technology Solutions will ensure your business maintains a secure network through industry best practices and procedures. With industry leading partnerships in the cybersecurity industry your business will stay up and running day in and day out.