Even with all the media and information floating around the web, did you know that over half of all users end up opening fake emails? And many even fall for them? Think of the person you work closest with at your company. One of you is likely not going to open one in the near future. It’s good to review the basics before one of those opens turns into something a lot more dangerous.
Phishing is done with the aim of gathering sensitive information about your company, generally related to finances. The most common reason for failure to identify fake emails is that the phishing attempts are often well-disguised. They’re purposefully vague or they target very specific verbiage. This way they escape the eyes of a busy email-reader.
Here are a few tips that help identify whether that email really came from your bank or is another attempt at getting to your money:
- Asking for personal information – Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s amiss.
- Links seem to be fake – Phishing emails almost always contain links that you are asked to click on. A standard rule of thumb for any organization is that you should always (yes, even when they come from your CEO) verify that the links in received emails are genuine. Here are a few things to look for when doing that:
  - Spelling – Check for misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing email could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com.
  - Disguised URLs – Sometimes, URLs can be disguised. That is, while they look genuine, they ultimately redirect you to some fraudulent site. You can see the actual URL by hovering your mouse over the hyperlink. A preview of the hyperlink’s actual address should appear at the bottom of your screen. Remember to never, NEVER ever, click a hyperlink immediately or paste the hyperlink directly into your browser.
  - URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, run away as fast as you can, even if it seems genuine. Browsers ignore the URL information that precedes the @ sign when deciding which site to load. That means a URL such as www.bankofamerica.com@mysite.net will take you to mysite.net and not to any Bank of America page.
- Other tell-tale signs – Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include:
  - Emails where the main message is in the form of an image, which, upon opening, takes you to the malicious URL.
  - Emails that have attachments. Never open attachments from unknown sources as they may contain viruses that can harm your computer and network.
  - The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, a threat of bank account closure if you don’t verify your ATM PIN or e-banking password.
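
The three link checks in the list above (misspelled domains, disguised links, ‘@’ signs) can also be run automatically over an email’s HTML body. The following Python code is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the sample email are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"bankofamerica.com"}  # assumption: the domains you really bank with
SAMPLE = ('<a href="http://www.bankofamarica.com/verify">verify now</a>'  # constructed
          '<a href="http://www.bankofamerica.com@mysite.net/">www.bankofamerica.com</a>')

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Return (host without 'www.', userinfo) the way a browser reads the URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    return (host[4:] if host.startswith("www.") else host), parts.username

def check_link(href, text):
    """Return the warning signs found for one link."""
    host, userinfo = host_of(href)
    warnings = []
    if userinfo is not None:
        warnings.append("at-sign")    # the real destination is after the '@'
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    if not trusted and any(
            d.split(".")[0] in host or SequenceMatcher(None, host, d).ratio() > 0.85
            for d in TRUSTED):
        warnings.append("lookalike")  # misspelled or padded version of a real domain
    if "." in text and " " not in text and host_of(text)[0] != host:
        warnings.append("disguised")  # address shown differs from the real target
    return warnings

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}
```

Calling `scan(SAMPLE)` returns each link with its warning signs; a link to a trusted domain returns an empty list.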
What can you do?
Get a good anti-virus/email protection program installed. These range widely but the best include quarantining features for suspicious emails and malicious link scans among many other proactive features.
We partner with some of the best cybersecurity technologies in the IT world to provide a complete security solution that even includes end user training, testing, and certifying. If you’re interested in how your company can get enterprise security tools at small business prices, just contact us. We can talk you through all the features and how they can help you.