A single click can be the difference between maintaining data security and suffering massive financial losses. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.
Quickly spot the red flags and put phishing emails where they belong:
1. Poor spelling and grammar
While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through multiple review stages where errors are blitzed and language is refined. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is likely fraudulent.
2. An offer too good to be true
Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch? There’s definitely cause for concern. Take care not to get carried away and click without investigating deeper.
3. Random sender who knows too much
Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed especially for your business. Culprits take details from your public channels, such as a recent function or award, and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out.
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]
Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.
5. It asks for personal, financial or business details
Alarm bells should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.
Pretexting and Phishing
Spoofing an email address is a key part of phishing, and many phishing attempts are built around pretexting scenarios, though they might not involve a great deal of research or detail; for instance, an attacker could email an HR rep with attached malware designed look like a job-seeker’s resume.
There are several signs to look for to identify a spoof email. First, you’ll want to check the email header information. This is a good place to look for tracking information about the message.
To View Headers:
- In Gmail, open the email you want to check headers for. Next to Reply, click the three dots and choose “Show Original”.
- In Apple Mail, open the email you want to see headers for, and click View > Message > All Headers.
- In Outlook, open the email you want to check, and then click File > Properties.
Check To See:
- if the “from” email address matches the name of the person displayed as the sender;
- that the “reply-to” address is the same as the sender or the site that the email purports to be from;
- that the “return-path” is the same as the reply-to – you don’t want to think you are replying to “John Doe” when your response will go to “Scammy McScammer”.
If the email is pressuring you to act quickly or making an emotional plea for you to do something, be wary. Scammers often rely on urgency or our desire to help. That’s how they trick people into clicking on links or open attachments.
Give Abuzz Technologies a call to discuss how we can secure your system against costly phishing attacks.
Recent Comments