Email communication is an important business tool, and understanding its risks and threats will help you protect your business. One of these threats is called phishing. This kind of scam lures users into clicking on suspicious links in an email, or into handing over secure data by other means, by pretending to be someone you know or usually do business with.
Phishing emails tell a story to trick you!
Be cautious of unexpected emails that appear to be from familiar or trusted companies, such as banks, credit card providers, utility companies, online payment platforms, or apps. While it seems easy enough to avoid these pitfalls, understanding a cyber criminal’s modus operandi will help identify possible scams in the future.
Quick tips on how to avoid getting caught out! Messages sent by scammers often:
- claim to have noticed suspicious activity or login attempts (false claims)
- indicate an issue with your account or payment details (there isn’t)
- request you to verify personal or financial information (which you shouldn’t)
- include an odd invoice (which is fraudulent)
- urge you to click on a payment link containing malware (don’t click)
- offer a fake government refund registration opportunity (it’s never real)
- present a coupon for free items (which is not genuine)
It is not unusual to find these kinds of emails doing the rounds every now and then. Similar to normal fishing, these emails offer ‘bait’ in the hope that someone will take a ‘bite’ and provide the requested information. You can be proactive by learning to identify a ‘dodgy’ email: pay close attention to the branding, company details, and spelling to confirm legitimacy.
How to spot a phish.
1. Look carefully! Check for fake domains and email addresses!
A favourite tactic of scammers is to use addresses that are similar to those of another organisation. An example of a “dodgy” email would be receiving an email from firstname.lastname@example.org, instead of email@example.com, asking you to click on a suspicious link. Always be aware of who is sending the email. If unsure, check the website domain name: for instance, www.azappi.co.za vs www.azapi.co.za.
More recently, scammers will use a legitimate-looking email like firstname.lastname@example.org, but the email isn’t an actual address associated with the business. If unsure, refer to legitimate previous communications and double-check the company information, paying special attention to the spelling.
2. Always verify who the sender is.
Remember to verify the sender if you are in doubt. Click on “Show Details” or hover over the “From” display name to check whether the email address belongs to who you think it does. Phishing emails make the “From” field look like it is coming from someone legitimate when the message is actually coming from someone else. An example would look like this: email@example.com <firstname.lastname@example.org>.
3. Never act on requests such as “Please confirm your personal details” or “Update your information.”
As a rule of thumb, you should avoid clicking on a link to confirm your details, especially any emails asking you to confirm payment information. In these instances, contact the company or person directly if you consider the email to be legitimate. Also, do not follow any steps provided in the email, as this is exactly what the scammers want you to do. Links in emails, especially shortened ones, should not be clicked on if you are unsure whether the source is legitimate.
4. Don’t trust emails that are poorly written!
Let’s be honest. Scammers are not professional writers, and this is the easiest way to catch them out. These kinds of emails are usually poorly written and may have spelling errors. Or they just don’t sound the way the person usually writes. If you feel uneasy about a particular email, give the email sender a call to clarify or check with your email provider.
5. Don’t click on attachments, especially suspicious attachments.
Luring the user to download a suspicious attachment is another giveaway of these kinds of scams. Attachments usually contain a malicious URL or trojan, often used to install malware on your PC. You can nullify this threat by utilising antivirus software on your computer.
6. Be careful of any emails that create “a sense of urgency”.
Human emotion is a powerful thing, and unfortunately, scammers are very aware of this fact. They know that you are more likely to click on a malicious link if they can get you to panic or become anxious. While you should definitely be alert, messages alerting you to “click NOW to keep your account active” can mostly be considered a false alarm.
The reality of cybercrime
In a digitally driven world where email is our lifeline, cyber threats are real too. Now that you know how to identify a phishing attempt, you’ll be less likely to fall prey to this kind of cybercrime. If you are a business owner, you should consider securing your email accounts by implementing some of the following measures:
- Firewall
A firewall is your first line of defence against security threats and for controlling data from the Internet. It monitors all network traffic and can take action before content or files come into your network.
- Spam filters
Set up a spam filter that detects viruses, blank senders, etc.
- Antivirus software
Install an antivirus solution, schedule signature updates and monitor the antivirus status of equipment in your office.
- Password security
Never share your email passwords unless you are logging into your email provider’s website.
- Staff training
Provide regular security training to your staff so that they are aware of and can identify phishing scams, malware and social engineering threats.
Understanding and mitigating the potential risks that cybercrime has for your business will ensure that your business and employees are safeguarded from this threat. Taking the cautious route is always a good idea and if you are looking for a catchy slogan then just remember, “When in doubt, throw out.”