In a world where technology is constantly getting more advanced, it makes sense that scammers are getting more advanced too. While nobody thinks they would fall for a phishing scam, sometimes you can only realize your mistake once it’s too late. Regardless of which industry your business may be a part of, knowing what to look for can help you protect your business from cybercriminals.
Before discussing how to recognize and avoid phishing attacks, it is crucial to define what a phishing scam is. A phishing scam is the sending of fraudulent communications that appear to come from a trusted source. Most commonly, phishing attacks aim to steal money or information from a business or individual.
Check the Sender
Often, when a scammer sends an email, the sender’s email address won’t match the email content. For example, if you received an email regarding your Netflix account, the sender’s email should be from Netflix. An important thing to remember is that a legitimate organization will never send emails through a public email domain. Some examples of common public email domains are Gmail, AOL, Yahoo! Mail, and iCloud Mail.
Most businesses have emails that include a specific domain name in the email address. Having a domain name incorporated into an email address can help identify who the email is coming from if important information needs to be disclosed via email. In the event of a phishing scam, the domain name will be misspelled. Some examples of misspelling may look like using a “1” instead of an “l” or a “3” instead of a “B.” These subtle changes can be hard to notice at first glance; this is why it is essential to check the sender when an email feels wrong.
Check the Link
Frequently in phishing emails, there will be a link you have to click to change your password or view a significant billing statement. While it may seem like a link won’t be able to inflict that much damage, one link is all a cybercriminal needs to access your information. This risk is why it is crucial to check a link before thinking about clicking it.
To examine a link in an email, hover your cursor directly over the link without clicking it. While your cursor is over the link, you should see the destination address attached to the link. If the email is legitimate, the destination address should match the context and sender of the email. If the destination address does not match the email, it could be a scam, and you shouldn’t take the chance.
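The sender and link checks described above can also be automated at a mail gateway or in a triage script. The following is an added example, not part of the original article: the domain names and the sample message are constructed, and it assumes a single-part HTML message whose expected sender domain is already known.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Public mail providers named in the article.
PUBLIC_DOMAINS = {"gmail.com", "aol.com", "yahoo.com", "icloud.com"}
# Digit-for-letter swaps named in the article: "1" for "l", "3" for "B".
LOOKALIKES = str.maketrans({"1": "l", "3": "b"})

# Constructed sample message; every domain in it is made up.
SAMPLE = """From: Billing Team <support@bi11ing.example>
To: user@corp.example
Subject: Update your password now
Content-Type: text/html

<p>Your account is on hold.
<a href="http://login.bi11ing.example/reset">https://billing.example/reset</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination host of every <a href>, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def same_org(host, domain):
    return host == domain or host.endswith("." + domain)

def check_email(raw, trusted_domain):
    """Return findings for a single-part HTML message claiming to be from trusted_domain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if domain in PUBLIC_DOMAINS:
        findings.append("public-domain-sender")
    elif not same_org(domain, trusted_domain):
        # A sender that equals the trusted name only after undoing the swaps is a lookalike.
        swapped = domain.translate(LOOKALIKES) == trusted_domain.translate(LOOKALIKES)
        findings.append("lookalike-sender" if swapped else "unexpected-sender")
    links = LinkCollector()
    links.feed(msg.get_payload())
    findings += ["link-mismatch:" + h for h in links.hosts if not same_org(h, trusted_domain)]
    return findings

if __name__ == "__main__":
    print(check_email(SAMPLE, "billing.example"))
```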
Review the Grammar and Formatting
In the case of a phishing email, there are often misspelled words and improper formatting. This could be because the scammer was in a rush, or it could be an attempt to see what is noticed within the email. In most companies, an email will have a predefined message copied and pasted with your personal information plugged in. These email standards are usually checked and proofread before being sent out and rarely contain grammar or formatting errors.
Check the Source
If you receive an email explaining that you need to change your password or pay a fee, double-check that information to ensure it’s correct. For example, if you received an email from Netflix informing you that your password needs to be updated, you should receive that same message when you log into Netflix directly. If you cannot find a notification supporting the email, it is probably from a scammer. Most businesses will make sure that important information is available to you no matter how you access it.
Note the Tone
Usually, cybercriminals rely on their victims being confused and caught up in the moment for a phishing scam to work. In order to encourage panic and confusion in their victims, cybercriminals will often use an urgent tone in their email communications. These scams will often make you feel like there are no other options and there is no time to complete the task later. A cybercriminal knows that they only need you to believe their lie until you click a malicious link or send important information. Usually, when someone realizes their mistake, it is too late.
Take the time to make sure you are prepared for phishing attacks with the Bigger Brains course, Brain Bites: Staying Safe Online. This course will prepare you and your workforce to recognize phishing attacks and take the proper steps to defend your information.