It’s summertime, which means all the cyber criminals have gone phishing! Of course, for them it isn’t just a summertime trip – it’s a daily grind. In fact, last year over 1,330,523 phishing attacks were recorded – 65% more than the previous year. And that’s just the ones that were reported! And over the last few years, businesses have seen a sharp increase in attacks aimed at them. With the average cost of a successful phishing scam running £1.6 million to the target business, it’s no surprise that companies are starting to worry about their security. So, if you want to keep that money in your bank account and out of the hands of criminals, you need to make sure you aren’t a victim of a phishing scam. But how can you spot one? Well, here are 9 common elements of phishing emails, and how to handle them.
‘Recognised’ Sender: For businesses, phishing emails are often disguised as messages from someone within the business. This kind of email usually includes an attachment or link made to look like something you might expect, such as an HR document, a shipping confirmation or an IT department request to change a password. The email might look like it’s come from a colleague, manager or even the CEO. If you receive something like this and you aren’t expecting it, go to the person and confirm it’s come from them before you click on or open anything.
Attachments And Links: A lot of scams work by persuading you to click on a link or open an attachment. Those links will lead to websites that infect your computer with malware, or else ask you to enter personal information to proceed. Sophisticated ones might look like a portal your business uses, and ask you to input your login details to continue. Once you do that, the criminals have your login info and can then access any information they like within your business. Attachments usually contain malware, which can damage your company infrastructure, destroy your data or steal confidential information. Never click on a link or open an attachment that wasn’t asked for or expected.
Personal Information Requests: Consider any email request for confidential information as suspicious. Legitimate companies will never request a username, password, credit card numbers, bank details or other information in this way. Don’t respond to the links in unsolicited messages, and never give sensitive information to anyone on the phone, in person or through email without thoroughly checking the organisation is legit.
Wrong Addresses: Scam emails will often give themselves away by having an incorrect or suspicious URL or email domain. For example, if an email claiming to be from HMRC actually comes from a Gmail account, it’s a scam. Never click on links that look suspicious – hover your mouse over the URL to check what it is before you click, and if it doesn’t look legit, don’t click.
Spelling & Grammar Mistakes: It sounds harsh, but a lot of these phishing scams are created by people who don’t speak English as a first language. Common traits of phishing emails are spelling mistakes, grammatical errors and syntax problems. Real businesses don’t send messages without first checking all of these things, so if your email looks fishy, it probably is.
Generic Greeting: An email that arrives addressed to ‘customer’, ‘valued client’, ‘member’ or anything else generic is likely to be either spam or a phishing attempt. Most organisations will use your proper name, so if they don’t, it’s worth contacting the company to check if it’s legitimate before you do anything.
Important Alerts: A 2017 KnowBe4 survey sent 6.6 million bogus messages to more than 2 million people to see which phishing attempts were most successful. The top subject line lure was ‘Security Alert’ – 21% of the people clicked on links inside the message. Other successful lures were ‘Revised Holiday and Sick Time Policy’, ‘UPS Delivery’, ‘Breaking News’, ‘Updated Healthcare Info’, and ‘Change of Password Required Immediately’. Ignore these alerts.
Threats: Phishing scams prey on 2 things – emotions and fear. If you get an email that threatens you in order to get information out of you, tries to make you feel sorry for the sender so that you send them money, or makes a threat that demands urgent action, it’s likely a scam. Confirm with the organisation before doing anything.
Amazing Offers: If you get an email with an offer that seems ‘too good to be true’, it probably is. Listen to your gut, and never click on anything that includes amazing offers that just don’t seem realistic.
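The ‘Wrong Addresses’ and ‘Attachments And Links’ checks above can also be automated on a mail gateway or in a reporting tool. The following is an added example, not part of the original article: it flags a sender whose display name claims a known organisation but whose address is on another domain, and links whose visible text shows one site while the real destination is another. The allow-list, function names and sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: an allow-list you maintain of organisations and the domains they send from.
KNOWN_SENDERS = {"hmrc": {"gov.uk"}}

def under(host, domain):  # True if host is the domain itself or a subdomain of it
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def sender_mismatch(msg):
    """Return the organisation named in the From display name if the address is off its domains."""
    name, addr = parseaddr(msg.get("From", ""))
    for brand, domains in KNOWN_SENDERS.items():
        if brand in name.lower() and not any(under(addr.rpartition("@")[2], d) for d in domains):
            return brand
    return None

class LinkAudit(HTMLParser):
    """Collect links whose visible text is a URL on one host while href goes to another."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = urlsplit(self.text.strip()).hostname  # None unless the text is a full URL
            real = urlsplit(self.href).hostname
            if shown and real and shown != real:
                self.mismatches.append((shown, real))
            self.href = None

def link_mismatches(html):
    audit = LinkAudit()
    audit.feed(html)
    return audit.mismatches

# Constructed sample message (not a real phishing email).
SAMPLE = message_from_string(
    'From: "HMRC Refunds" <refunds.hmrc@gmail.com>\nContent-Type: text/html\n\n'
    '<p>Claim at <a href="http://refund.example.net/login">https://www.gov.uk/refund</a></p>'
)
```

A hit from either check is a reason to confirm with the organisation through a known contact route, not proof on its own; a clean result does not make a message safe.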
At Greenaway, we might not deal with digital security, but we understand how important physical security is to your digital security. Leaving confidential information lying around, unprotected and undestroyed can cause significant harm to businesses, and make you more vulnerable to phishing scams. The more information these criminals have on you, the more realistic they will be able to make their attempts, and the more likely they are to succeed. Don’t be another statistic – get in touch with us today and protect your data from thieves.