Phishing attackers have become more sophisticated over the years. No longer are the large part of phishing emails a message from a “prince” in a far-off land. Instead, phishing mimics many of the emails we get every day, like shipping notices, purchase order requests, and credit card offers from our bank.
People are easily fooled if they’re not diligent about thoroughly checking emails. Scammers are counting on the following factors:
- People are too busy to catch a slightly misspelled word
- People will click without hovering over links
- People will forward a scam email to someone else in their office without any explanation (which makes the person think the email is more legitimate)
- People will succumb to emotional triggers like the threat of losing access to an account if they don’t take action
- People won’t look any further than the email body
It’s important to be self-aware when going through your email inbox or social media feed (social phishing is also prevalent). It’s not only the responsibility of the anti-virus or malware to prevent phishing attacks, it’s a team effort and users need to take their part.
Here are some tips for becoming better at phishing detection so you can avoid a personal or companywide breach of information and improve cybersecurity.
Ask the Right Questions
You need to be diligent and ask the right questions when you receive an unsolicited or unexpected email. Don’t just ask yourself, “Am I going to get in trouble if I don’t do something about this email?”
You want to approach an email as potential fraud and ask questions like: “Am I expecting such an email with an attachment?” and “Do I know the person that sent this?” and “Do I use the service the email is about?”
Often, taking the time to stop and stay when you get an email, instead of automatically believing it to be legitimate, can be all it takes for you to realize it’s a scam.
Don’t Believe What You See in the “Sender” Line
Many people get fooled by what they see as the email sender. They’ll look up and recognize an email address, and without looking further, will assume that that the email is legitimate.
Scammers can easily spoof the email address that you see as the sender. They can use a completely different domain (even your own company’s) than the message is actually sent from.
They can also use copycat domains that look like they might be legitimate, but that isn’t real at all.
For example, this well-done scam email that purports to be from Bank of America has the sender as “[email protected]”
That address would fool most users because they might think that it’s just one of the emails that the bank uses to send out email notices. However, a Google search of that email address shows that it’s a scam.
Don’t just trust the email address you see as the sender. Instead, do further research to ensure it’s legitimate. You can do this by calling your IT provider (we are happy to help identify scam emails for you). You can also call to ask the person or company that the email is purporting to be from if they actually sent it.
Be Wary of Links in Emails
Phishing attackers began using links in most phishing campaigns instead of attachments because users tend to trust them more. They also can get by the more basic antivirus applications.
Make sure to hover over links before you click on them to reveal the real URL. Often it will be a URL that has nothing to do with the company the email is pretending to be from.
Another safeguard against malicious links is a DNS filter. This application will look at URLs before directing your browser to them. If it finds a phishing site, you’ll be directed to a warning page instead of the dangerous site.
Get a Professional Second Opinion
It’s best to get a second opinion from a professional if you’re unsure whether an email is phishing or legitimate. Today’s scams are very sophisticated and some can be difficult for users to identify on their own. Just forward the sample to us when in doubt. Better to be safe than sorry. We help all our clients this way!
Shore Up Your Email Defenses Against Phishing Attacks
Don’t leave your business unprotected against the main vector of online attacks. Data First Solutions can help your Toronto area business combat phishing attacks through a combination of software and awareness training solutions.
Contact us today to book a free assessment. Call 416-412-0576 or book your assessment online.