Has there ever been a time where you came across an email in your inbox that appears to be from a legitimate sender? Unsure whether the email is important, you click on it to see what it is all about. Your heart starts to race because the first couple words you read are "we need your help resolving an issue with your account" An issue with my account?! What account?! The email has PayPal's logo at the top, so you assume they are referring to your businesses PayPal account. Your mind starts to go in all different directions, worried about what this may mean for your business. Without any thought, you click on the login link provided at the bottom of the email and type in your credentials. And in a blink of an eye.... your entire business and assets are immediately put in jeopardy.
This situation and many others involving phishing emails is terrifying for any business owner. Phishing is exactly how it sounds, hackers are “phishing” for personal information or credentials by impersonating a legitimate brand and sending users to a malicious website. It does not help that phishing emails are becoming harder to detect. According to Cofense's Phishing Threat and Malware review, 74% of phishing attacks between October 2018 and March 2019 involved credential phishing- stealing usernames and passwords. Despite what businesses think they know about phishing attacks; they consistently fall victim. In this blog, we are going to review three clues to help you and your employees spot phishing emails.
Clue 1: Emails demanding urgent action
If an email threatens a negative consequence or loss of opportunity unless urgent action is taken, you can assume it is most likely a phishing email. Like the scenario presented at the beginning of this blog, attackers will attempt to rush recipients into an action before they have time to study the email for potential flaws. If you or one of your employees receives an email that is questionable, take a few minutes to review the email before acting. You can also contact the company to find out if there is an issue with your account.
Clue 2: Emails with bad grammar or spelling mistakes
Typos happen to the best of us. But if you receive an email with several misspelled words, or the email in general does not make sense, it is safe to presume that the email might be sent from someone phishing. An email from a legitimate company is typically well written. Hackers are not stupid. They prey on the uneducated believing them to be less observant, thus easier targets. Don’t fall into their trap!
Clue 3: Emails that are too good to be true
These are the types of emails that gives an incentive for the recipient to click on a link or open an attachment by claiming there will be a reward of some nature. If the sender of the email seems unfamiliar to you or you did not initiate contact, it could be a phishing email. Again, you can always reach out to the company the are claiming to be to check whether the email is legitimate or not.
It does not matter if you have the most secure security system in the world. It takes only one untrained employee to be fooled by a phishing attack and give away the data your business has worked so hard to protect. Conditioning employees in how to spot and report suspicious emails should be an exercise performed at every business. Making sure your employees understand the telltale signs of a phishing attempt could save your business from the loss of valuable data, time and money.
If your business is interested in learning more about cybersecurity or ways to prevent cyber-attacks, reach out to Communications Deployment Partners. One of our experts would be happy to assist in answering any of your questions or concerns. We also have a handful of technology solutions that help to reduce the risk of cyber-attacks. Contact us today at 215-343-5580 or email@example.com to learn more.