Don’t fall victim to phishing attacks with these 10 fast checks…
Your team will probably be aware of and looking out for phishing emails, one of the most common cyber scams.
But the scammers are getting smarter… Phishing attacks are getting harder to spot, often taking
advantage of current issues and concerns such as the COVID-19 pandemic, and they increased 220% in 2020!
Why are phishing emails so common? Well, they’re an easy win for cyber criminals: they take very little
effort to create and enough people still fall for them. The idea of a phishing attack is simple…
A hacker will send out an email disguised as a genuine message to thousands of random email addresses.
A few people will open the malicious link it contains or follow the email’s requests (such as entering login details).
These emails can be very convincing at first glance, but there are usually some simple ways to spot if it’s a scam.
- You have no account with that company
You may get a message like, “Please update your PayPal account!” but you don’t have a PayPal account… Red flag!
You may think, “What if someone opened an account in my name?” Don’t open it. Go directly to the company in question and request help.
- The email account isn’t connected to the company
What if you do have a PayPal account, but it isn’t connected to the email account where you received the message?
If you’ve never told the company about your other email account, it shouldn’t send emails to that account.
It’s that simple. Delete!
- The return email address isn’t normal
This is one of the easiest ones to overlook, but one of the most sure-fire ways to spot a scam email.
If you get an email from a known company, the email should come directly from that company.
If it’s a bill from Netflix, it should come from something like firstname.lastname@example.org.
If there are extra letters or numbers in the return address, it’s a scam. If there is a minor error like email@example.com, it’s a scam.
- The email asks you to confirm personal information
Reputable companies will never request personal information like your Social Security or account numbers or PINs via email.
Even if everything else in the email looks right, this is a giant red flag. Never click a link from an email you weren’t expecting and provide personal information. Ever.
- The email is poorly written
Typos happen but that’s not what we’re talking about. We’re talking about missed words or poorly phrased sentences.
Reputable companies don’t let that happen. They have proof-readers who verify their emails look professional before they’re sent out.
- There is a suspicious attachment
Attachments are pretty common and we don’t worry about them much, but we should. Be suspicious!
Most companies will ask you to download assets from their website and will not send you an attachment.
- The message is super urgent
A favourite tactic of phishing scams is to put the pressure on right away. The email may claim you have missed a payment, owe
money or have been recorded through your laptop’s camera. These tactics are intended to make you panic and rush to respond
to the situation, which means you’ll click on their links to get to the bottom of it. Boom. You’re a phish on the hook!
Don’t respond to high-pressure emails unless you know the reason. Even if you’re late on your credit card payment and receive a
nastygram from your credit card company, don’t use a link from that email to pay or put in information. Go directly to the website.
- The email doesn’t use your name in the greeting
Does this look familiar? “Dear valued customer” or “Greetings, friend…” It’s a dead giveaway that an email isn’t from a source you know.
Any company you have an account with should know your name and use it in emails. Standard stuff. If you’re not greeted by name,
the sender doesn’t know you, and you probably don’t know them (and don’t want to).
- The whole email is a hyperlink
If your cursor turns into the pointing hand no matter where it is on the email, the entire email is one giant hyperlink. Why?
If the whole email is a hyperlink, any random mouse click delivers the sender’s virus or malware.
Why wait for you to open an attachment if the hacker can get you with any click? This one is fairly easy to spot and a dead giveaway.
- The email is from a public domain
Is an email claiming to be from a business you know, but the sender’s email address is from a public domain like @gmail.com or @outlook.com?
Red flag! Businesses that frequently send out emails have their own domain names, and all emails should come from that domain.
If Jill is claiming to be from BT, but her email is Jillydill@yahoo.com, you know it’s at least spam but very likely a phishing attempt.
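Several of the checks above can be automated as a first-pass triage. The following is an added example, not part of the original article: it uses Python's standard `email` module, and the domain lists, phrase lists, flag names and sample message are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed, illustrative lists (constructed for this example); tune for your mail.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
KNOWN_BRANDS = {"paypal": "paypal.com", "netflix": "netflix.com"}
BODY_CHECKS = {
    "generic-greeting": ("dear valued customer", "greetings, friend"),
    "urgent-language": ("immediately", "missed a payment", "owe money"),
    "asks-personal-info": ("social security", "account number", "pin"),
}

def phishing_flags(raw_message):
    """Return the names of the checks a raw e-mail message trips."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    flags = []
    if domain in PUBLIC_DOMAINS:
        flags.append("public-domain-sender")
    # A brand named by the sender must send from that brand's own domain.
    for brand, real in KNOWN_BRANDS.items():
        claimed = brand in display.lower() or brand in address.lower()
        genuine = domain == real or domain.endswith("." + real)
        if claimed and not genuine:
            flags.append("brand-domain-mismatch")
            break
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content().lower() if part else ""
    for name, phrases in BODY_CHECKS.items():
        if any(re.search(rf"\b{re.escape(p)}\b", text) for p in phrases):
            flags.append(name)
    if any(True for _ in msg.iter_attachments()):
        flags.append("has-attachment")
    return flags

# Constructed sample message, not a real phishing e-mail.
SAMPLE = """\
From: "PayPal Support" <service@paypa1-billing.example>
To: user@example.com
Subject: Action required

Dear valued customer,
You have missed a payment. Confirm your account number immediately.
"""

if __name__ == "__main__":
    print(phishing_flags(SAMPLE))
```

An empty result only means none of these particular signs were found; it does not confirm that a message is genuine.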
What should you do if you’re not sure?
If you get a suspect email, pause before doing anything! Go over this list and look for clues. If you’re still not sure, the best thing you
can do is contact the company in question directly, not through that email. Go directly to the company’s website or call the company
and explain what you saw in the email. It’s possible you’ll alert the company of a fraud scheme it is unaware of. You may also learn the
email is legit. Either way, by contacting the company directly, you’ve avoided the unnecessary risk from a phishing attack.
How do I report a phishing email?
If you’re fairly certain you have a phishing email on your hands, you can report it to the FTC or forward it to firstname.lastname@example.org and email@example.com.
Keeping a watchful eye on your inbox and reporting suspicious emails is your best bet to fight back against phishing.
To implement a cybersecurity strategy, call the experts at Pink Connect: 0345 450 9393 or email: firstname.lastname@example.org. We are here to keep your business safe!