Know a “Phish” when you see one
Email communication is an important business tool and understanding its potential risks and threats will help you secure your business from any danger.
One of these threats is called phishing. This kind of scam lures users into clicking on suspicious links in an email, or into handing over secure data by other means, by pretending to be someone you know or usually do business with.
While it seems easy enough to avoid these kinds of pitfalls, understanding a cyber criminal’s modus operandi will help one to identify possible scams in future.
It is not unusual to find these kinds of emails doing the rounds every now and then. Similar to normal fishing, these emails offer ‘bait’ in the hope that someone will take a ‘bite’ and provide the requested information. You can be proactive by knowing how to identify a ‘dodgy’ email.
1. Fake domains and email addresses
This is a favourite tactic of scammers: using an email address that is similar to that of another organisation. For example, if you receive an email from firstname.lastname@example.org, instead of email@example.com, asking you to click on a suspicious link, then this is definitely a ‘dodgy’ email.
2. Verify who the sender is
Remember to verify the sender if you are in doubt. Click on “Show Details” or hover over the “From” display name to check whether the email really comes from the address you think it does. Phishing emails set the “From” display name to look like it is coming from someone legitimate when the message is actually coming from someone else. An example would look like this: firstname.lastname@example.org <email@example.com>
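Signs 1 and 2 can also be checked automatically on incoming mail. The short Python script below is an added example, not part of the original article: it compares the address shown in the display name with the real sender address, and flags sender domains that closely resemble a trusted one. The trusted domain list, the 0.8 similarity threshold and the sample headers are assumptions made up for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: domains your business really exchanges mail with.
TRUSTED_DOMAINS = {"example.com"}

# "display name <address>" form; the address in angle brackets is the real sender.
FROM_RE = re.compile(r"^(?P<display>.*)<(?P<addr>[^<>\s]+@[^<>\s]+)>\s*$")
# Any email-looking string embedded in the display name.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def split_from(header):
    """Return (display_name, real_address) from a From header value."""
    m = FROM_RE.match(header.strip())
    if m:
        return m.group("display").strip().strip('"'), m.group("addr").lower()
    return "", header.strip().lower()  # bare address, no display name


def check_from(header, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Return a list of warnings for one From header value."""
    display, addr = split_from(header)
    if "@" not in addr:
        return ["no usable sender address"]
    warnings = []
    # Sign 2: the display name shows a different address than the real sender.
    for shown in ADDR_RE.findall(display):
        if shown.lower() != addr:
            warnings.append(f"display shows {shown.lower()} but sender is {addr}")
    # Sign 1: the real domain is close to, but not the same as, a trusted one.
    domain = addr.rsplit("@", 1)[1]
    if domain not in trusted:
        for good in sorted(trusted):
            if SequenceMatcher(None, domain, good).ratio() >= threshold:
                warnings.append(f"{domain} resembles trusted domain {good}")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "firstname.lastname@example.org <email@example.com>",
    "Accounts <billing@examp1e.com>",
    '"Accounts" <billing@example.com>',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h) or "no warnings")
```

A header with no warnings is not proof that an email is genuine; the script only covers these two signs.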
3. “Please confirm your personal details”
As a rule of thumb, you should avoid clicking on a link to confirm your details. It is best to contact this company or person directly if you consider the email to be legitimate. Also, do not follow any steps provided in the email as this is exactly what the scammers want you to do.
4. Style of writing or poorly written emails
Let’s be honest. Scammers are not professional writers and this is the easiest way to catch them out. These kinds of emails are usually poorly written and have many spelling errors. Or they just don’t sound the way the person usually writes. If you feel uneasy about a certain email then give the sender of the email a call to clarify or check with your email provider.
5. A suspicious attachment
Luring the user to download a suspicious attachment is another giveaway of these kinds of scams. Attachments usually contain a malicious URL or trojan, often used to install malware on your PC. You can nullify this threat by utilising antivirus software on your computer.
6. Sense of urgency
Human emotion is a powerful thing and unfortunately, scammers are very aware of this fact. They know that if they can get you to panic or become anxious you are more likely to click on a malicious link. While one should definitely be alert, messages alerting you to “click now in order to keep your account active” can mostly be considered as a false alarm.
The reality of cybercrime
In a digitally driven world where email is our lifeline, cyber threats are real too. Now that you know how to identify a phishing attempt you’ll be less likely to fall prey to this kind of cybercrime. If you are a business owner you should consider securing your email accounts by implementing some of the following measures:
- Firewall
A firewall is your first line of defence against security threats and controls data coming from the Internet. It monitors all network traffic and can take action before content or files come into your network.
- Spam filters
Set up a spam filter that detects viruses, blank senders, etc.
- Antivirus software
Install an antivirus solution, schedule signature updates and monitor the antivirus status of equipment in your office.
- Password security
Never share your email passwords unless you are logging into your email provider’s website.
- Staff training
Provide regular security training to your staff so that they are aware of and can identify phishing scams, malware and social engineering threats.
Understanding and mitigating the potential risks that cybercrime has for your business will ensure that your business and employees are safeguarded from this threat. Taking the cautious route is always a good idea and if you are looking for a catchy slogan then just remember, “When in doubt, throw out.”