A phishing email is designed to elicit personal information such as credit card details, passwords, or birthdates, or to entice you to download damaging viruses. Successful phishing can result in identity theft, data breaches, and ultimately, financial devastation. Phishing started in the early 2000s, and since then criminals have become much more creative at disguising their messages as legitimate emails. From project proposals to payment confirmations, cybercriminals spend a great deal of time perfecting the most successful ways to get you to respond to that detrimental email. Security measures such as up-to-date security patches, encryption of sensitive company information, and general cybersecurity practices should be used to help prevent successful phishing, but in spite of these measures, many emails slip through, leaving you or your company vulnerable to human error.
Education is a key to prevention, so here are some tips to help identify phishing emails before you’re on the hook:
This type of phishing email is designed to get you to react instinctively and without thought. We all love to receive something for nothing, and this thought process is something that cybercriminals are counting on. We all know deep down that nothing is free, so if an offer sounds too good to be true, it probably is.
People tend to react with urgency to threats against their reputation or credit status, and cybercriminals use these tactics to provoke an immediate reaction. An example of this would be: "Your account is past due. Confirm your payment information now to avoid termination." Bottom line, if you receive any email requiring immediate action, do not respond or click on a link. If there is a legitimate concern, contact the company directly.
We all receive emails with hyperlinks from legitimate sources and click on them without issue. However, cybercriminals embed links disguised as receipts, offers, proposals or general information, and encourage you to click on them so they can obtain your private information. You can check whether a link goes where it claims by hovering over it to reveal the actual URL. Pay particular attention to any misspellings or improper domain extensions such as .net instead of .com.
Cybercriminals have mastered the art of recreating emails that look like they’re from a legitimate source and including attachments. Attachments can be particularly damaging because they can contain ransomware or viruses. Do not open anything that is unexpected or that doesn’t make sense to you.
Emails may seem like they’re coming from someone you know, but if the display name doesn’t match the email address or the address uses a bogus domain name, it’s a telltale sign that this is a phishing expedition.
Check the signature of the email for additional contact information. If the only way the sender gives you to contact them is by replying to their email, this is a strong indication that the email is not valid.
The bottom line is that when you’re trying to distinguish if an email is legitimate, use your gut. If it feels even slightly suspicious, confirm its validity with your IT department or other expert before interacting with it.
Ford Business Machines offers free consultations that will evaluate your current systems to determine whether or not you are protected against and prepared to identify phishing threats. Call 800.633.3673 today.