Even if you're not familiar with the term phishing, you may have heard of the Nigerian Prince phishing email back in 2016 and the arrest of its alleged perpetrator last year. Though it's dubbed "the butt of late night jokes" by the FTC, phishing in general has taken a serious turn.
Phishing has been on the rise in 2018, and according to Webroot it is the number one perceived threat for SMBs in 2018. It doesn't stop there; Verizon's Data Breach Investigation Report says that email is the entry point for 96% of malware. Though 78% of people in Verizon's report successfully avoided a phishing email, there's always that 12% that you can help educate to make that 100%.
What is a Phishing Email?
According to Phishing.org, phishing is a form of a cyber attack that involves sending a fraudulent email to a user to obtain sensitive information such as passwords or credit card/banking details. With this, cyber criminals can access accounts to steal money or identities.
5 Signs That It's a Phishing Scam
1. The Sender Assumes an Identity You're Familiar With
Make sure the email comes from a legitimate source. On the surface, the sender may look like an authorized or established company such as Amazon or Apple. However, when you click or hover over the sender's name, you can usually find out whether they really are who they say they are. You may find that their email address comes from amazon.net rather than amazon.com.
Or, they might take an alias and pose as someone you know personally. For example, they might change their email address by adding or taking away characters in the email address. Let's say you know a John Smith.
2. Links with Suspicious URLs
If the email is requesting you to click on a link or a button, you can usually move your mouse to hover over it. In the bottom left hand corner of your web browser, you will see a thin box that holds the actual URL. From there, you can determine if the link is trusted or not.
3. Asks You To Verify Your Identity
If you unknowingly click on a link in the phishing email that redirects you to a login screen, make sure the URL is legitimate. As mentioned before, many attackers will pose as a credible source, like Gmail. Within the email, they might ask you to verify your identity on web pages made to look like legitimate login pages (when the pages are really there to capture your info). Whatever you do, don't put in your information.
4. Doesn't Address You Directly
With so many newsletters and marketing emails people are subscribed to, it can be tough to actually spot a phishing email. You'll either ignore your inbox, or try to go through everything without looking for the clues. That's what hackers want you to do. Another way to tell if it's a phishing email is if the email doesn't address you specifically. That could be "Hello Dear", "Dear brother", etc. According to Steve from our IT Support Team, this is currently the number one way to get hacked.
5. Mysterious Sender + Mysterious PDF
If you don't know the sender, don't open the PDF if there is one attached. As mentioned in the 4th sign, it can be hard to exactly spot a phishing email this way because of marketing emails. If you do decide to open/download the PDF, make sure you know the sender. Usually, attackers load the PDF with malicious software that could infect your computer.
What Now? (As a Business & Consumer)
Phishing emails are becoming exponentially more advanced, which makes them harder to spot. Still, there are many tools and ways to make sure you are safe.
For business - you can check in with your IT Team and ask them to verify its safety. It's good to report suspicious emails because it also helps your coworkers stay safe. There are also preventative resources such as phishing testing training (where you can test yourself and your employees to see if they can spot a phishing email) and phishing scam detectors.
Unfortunately, there is no consumer grade version of those preventative resources. But, if you're ever in doubt, ask the sender (the one the email is trying to pose as) if they ever sent something like this to you - send them a screenshot or forward the email to them. Worst comes to worst, they didn't send the email and now you just ignore it.
See something suspicious in your inbox? Give us a call at (888) 393-6565 and we'll help you determine if it's safe.
Other Sources: Scam Examples