We’ve all heard of email scams where an attacker impersonates a trusted source, such as a CFO or a company you work with, to get you to take an action so they can steal your information. This is called phishing, as the cyber criminal “fishes” for data or a way to seize the infected computer or entire network.
After just one or two wrong clicks, a phishing email could lead to a data breach or even greater disaster for your business.
Avoid being tangled up in a dangerous phisherman’s net by learning about the most common types of email scams and taking the necessary precautionary actions.
Attackers get creative when it comes to imitating trusted brands and authority figures, creating email addresses or adding titles to the associated email to make it look like it’s coming from someone it isn’t.
For example, if your boss’s email is john@access.com, you may receive an email from john@assess.com and not notice the difference if the bolded name next to it displays his or her first and last name. Double-check that the domain ending is legitimate and doesn’t have a subtle spelling error to confirm authenticity. Look for these same mistakes throughout the email as well.
Oftentimes these PDFs or attached images seem like the most reasonable way to figure out what the emailer is inquiring about, but that’s how they get you! The email says something vague to entice you to open the attachment for more details. Once opened, the file infects your computer with malicious code.
These documents may be named something vague like “invoice” with a string of random numbers. If the email seems suspicious, or you don’t recognize the company or person it’s from, do not open any included files. Ask your IT department to verify whether it is safe, or search for the sender online to see if they are legitimate.
Links can be disguised by being “shortened” with a link shortening service such as Bitly. You may see a link that says “bitly.com/randomnumbers,” for example, and not be able to adequately assess it. If it said XYZ.com when it should have said ABC.com, you’d be more likely to err on the side of caution.
A shortened link could redirect you to a dangerous webpage where, once you submit your information or make the requested download, the attackers steal your data or infect you with malware.
Think before you click. Always hover over the link with your mouse to see if you’re being sent to a legitimate site. In particular, make sure it’s an https:// link, as http:// sites are not secure. We talk about URL security, including a great Chrome extension to block http:// sites, in our Cybersecurity blog.
If you receive a message from an authority figure, like your boss, asking you to do something quickly, err on the side of caution. Attackers use urgent deadlines and threats to pressure you into making a decision in haste, for fear of repercussions.
Your boss should not ask you to send credit card information or route money to another account via email. If you do receive a call-to-action such as this in your inbox, pick up the phone and call the person to ask if this is a legitimate request.
Before you can safeguard against phishing email scams, it helps to know what you’re looking out for. They’re not all obvious “wire-transfer payment” pleas.
Be alert for the following spam emails:
One of the best things you can do to ensure you aren’t receiving phishing emails is to add proper spam filters to your email platform. Many systems, such as Gmail, will automatically block infected files or suspicious emails from reaching your inbox, but be sure to assess your filters or consult your IT department for proper protection.
Phishing emails are real and serious threats, but they aren’t the only way attackers target individuals within the workplace.
Scammers can try to reach you or members of your team through “vishing” (AKA voice phishing) via phone calls, “SMiShing” (text message phishing), through pop-ups, social media messages and more.
In order to defend against these malicious attacks, your company must be prepared. Do you have multi-factor authentication set up? How about strong firewalls and anti-virus software?
We can help with all those things and more. Explore our Cybersecurity page and let us create a customized strategy to keep you safe from phishing scams and beyond.