It’s not just exiled Nigerian princes who are sending out sketchy emails. The next message from what appears to be a client, vendor, or even coworker might be an imposter! And that attachment you are downloading or “confidential” response you are sending might give hackers all they need to steal your company’s data.
Email phishing scams are nothing new, but they still manage to exploit people at all levels of the business world. Estimates are that 91% of all cyberattacks begin with a phishing email. Worse yet, hackers get an exponential payoff without much effort. If they’re going to try stealing your data, we feel hackers should at least have to break a sweat and get carpal tunnel doing it.
That’s why we’re going to share a few easy strategies for recognizing and preventing phishing scams that everyone can use to keep their own information, and that of their coworkers and company, safe.
What Are Phishing Email Scams and Why Do They Work?
At their most basic, phishing email scams get people to do what cybercriminals want. Like digital chameleons, the look and feel of phishing attacks constantly change. A hacker might pose as a network admin asking for your login credentials or a coworker asking you to download a document you’ve never discussed. Some ask for immediate action and others build a relationship, like the email prankster who has been trolling public figures recently, but the results are rarely quite so fun.
Through this method, hackers get login credentials to break into secure systems, deceive users into downloading malware or ransomware, or spur the disclosure of financial information they can sell on the black market. Basically, they can get the keys to the kingdom, treasury and all. In spite of the fact that this strategy has been in use for over two decades, it still delivers fantastic results.
Email scams work because most people consider themselves to be too busy to analyze the messages hitting their inbox. If something appears to be authentic on the surface, people won’t dig deeper to authenticate the message. That’s just what email phishers take for granted. Their low expectations work to your benefit because all it takes to make a real change to protect yourself and your company is a few clear-cut steps.
How to Spot Phishing Emails
The good news is that most phishing emails fall apart under any scrutiny. Even those that are well crafted usually create some suspicion if you look at their components individually. Here’s what to watch when on the hunt for phishing emails.
- Check Spellings – Though the occasional typo might be forgivable, any message with the spelling and grammar of a grade schooler should set off warning bells. In fact, some cybercriminals include these typos to filter out all but the most susceptible targets. That they do it so consciously is more than a little insulting.
- Check Content (Or Lack Thereof) – Is the message suspiciously vague? Could it have seemingly been addressed to anyone? Hackers spam out their messages to improve their chances of success. That’s why they often send empty emails with only attachments (Red flag! Red flag!) or make vague requests for info that show limited familiarity with your role or impact. If you get any request like that from “IT”, ask follow-up questions to clarify what information they really want and why.
- Check URLs – If hackers were transparent about the weird URL destinations where they are sending you, very few people would click. That’s why many phishing emails use shortened URLs or hyperlink text to soothe suspicions. Find out where they are sending you by having your mouse hover over a link before clicking it. You can see the destination and just ignore the email if it seems shady.
- Check Sender Address – Hackers can forge a sender’s name or department. What they have a harder time with is the domain name. Sloppy cybercriminals might have messages come from a random domain name, but clever hackers might create a domain that is such a slight variation on the actual domain that most eyes would skim right over it.
Example: @impsolutions.com could be spoofed as @impsolutoins.com.
Continuing to Stay Safe
Putting the above list into practice is only the first line of defense. You have to take it to the next level. Always remember that if you see something suspicious, say something about it. When you report a scam to your IT team, you prevent hackers from affecting the whole company.
Want to learn more about how to protect yourself and your company from hackers? Contact us to get a team of IT specialists working for you.