Phishing scams have been around for a long time, and they have only grown more convincing and more dangerous. Some businesses can’t even tell the difference between phishing scams and legitimate messages! How can your organization take the fight to phishing emails? It all starts with knowing what to look out for.
Let’s use a practical example of what kind of language you might see in a phishing email. Let’s say you receive an email stating that you are the recipient of an incredible prize. The funny thing is, you don’t remember applying for or ever hearing about this prize before. The message has a questionable grasp on the English language, too, at least to the point where it can hardly be considered a professional message. Furthermore, the email urges you to click on a link to claim your prize within a specific time frame before the prize is no longer available.
All of these traits are common amongst phishing messages, but phishing also often comes in the form of fake invoices, service requests, and in some cases messages that appear to come from higher up the chain of command (a concept known as whaling). For example, maybe you receive a message from your boss, who is currently traveling on the other side of the country, asking you to wire transfer funds to them in a timely manner.
Essentially, the majority of phishing emails will showcase the following characteristics:
- Something that appears too good (or too wild) to be true (winning prizes, receiving awards)
- Spelling and grammar errors; many phishing campaigns originate outside of the United States
- A sense of urgency that pushes the user to act a certain way, such as paying an invoice or clicking on a link to enter contact/financial information
- Links to click on or attachments to download; these are often infected with malware or give hackers alternative methods of infiltrating your systems.
- The email comes from a strange email address that does not coincide with the sender’s supposed identity. It’s always important to check the sender.
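Several of these signs can be checked mechanically before a person ever reads the message. The sketch below is an added example, not part of the original post: it flags a mismatched sender domain, a Reply-To that points elsewhere, urgency and prize wording, and a link whose visible text names a different host than its target. The sample message, the domains, the phrase lists and the function names are all constructed assumptions, and spelling or grammar quality is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every address and domain is made up.
SAMPLE = """\
From: "Example Bank Rewards" <promo@rewards-claims.example.net>
Reply-To: claims@mail-collect.example.org
Subject: URGENT: claim your prize within 24 hours
Content-Type: text/html

<p>Congratulations, you have won! Act now before the offer expires.</p>
<a href="http://login.rewards-claims.example.net/claim">https://www.examplebank.example.com</a>
"""

# Illustrative phrase lists (assumptions); tune them to your own mail.
URGENCY = re.compile(r"\b(urgent|act now|immediately|within \d+ hours?|expires?)\b", re.I)
BAIT = re.compile(r"\b(you have won|prize|winner|award|congratulations)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Return the lowercase host of an http(s) URL, or None if it is not one."""
    m = re.match(r"https?://([^/\s:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None

def phishing_indicators(raw, expected_domain):
    """Return the warning signs found in one raw, single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}"
    found = []
    # Sender check: does the From domain belong to who the message claims to be?
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != expected_domain and not from_domain.endswith("." + expected_domain):
        found.append("sender_domain_mismatch")
    # Replies silently routed to a different domain than the sender's.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        found.append("reply_to_differs")
    if URGENCY.search(text):
        found.append("urgency")
    if BAIT.search(text):
        found.append("too_good_to_be_true")
    # Link whose visible text shows one host while the href goes to another.
    if any(host(label) and host(label) != host(href) for href, label in ANCHOR.findall(body)):
        found.append("link_text_mismatch")
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "examplebank.example.com"))
```

A hit on any one indicator is a reason to look closer, not proof of phishing; legitimate bulk mail often sets a different Reply-To, for example.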
These are certainly not the only warning signs, but they are the basics that one should look out for. As we mentioned before, sometimes phishing messages can be so convincing that the recipient doesn’t think twice before downloading the attachment or clicking on the links in the email. This is a dangerous practice. It’s critical that you treat messages with a certain level of scrutiny, no matter who they come from and, when possible, try to confirm the identity of the sender outside of the email message.
Horne & Benik is of the mind that proper training can alleviate many of the challenges from phishing scams and emails. If you train your staff on how to avoid these threats, they will be more likely to respond to them in a way which doesn’t create a major security headache. Of course, it doesn’t hurt to have some security solutions in place, either.
To learn more about how we can use technology and training to augment your security strategy, reach out to us at (603) 499-4400.