Since the start of the pandemic, there has been a troubling resurgence of scam activity ranging from robocalls to phishing emails. According to a study on phishing email activity by F5 Labs, “phishing incidents rose 220% during the height of the global pandemic compared to the yearly average”. No doubt you’ve also seen a rise of funny-looking emails coming into your inbox lately, and if you haven’t – your spam filter is probably working overtime in the background!
We want to keep our clients and employees safe from phishing emails, so we’ve collected some helpful information to ensure you know how to protect yourself. Even if you’re an internet veteran, it never hurts to have a little refresher!
What Is a Phishing Email?
What is a “phishing email”, anyways? Simply put, it’s a fraudulent email with malicious intent to get you to click on a dangerous link, share personal/secure info, or in more elaborate cases, participate in financial fraud. The term “phishing” is just fishing with a “ph”, which stems from early hackers being known as phreaks. Generally speaking, these emails are sent en masse to thousands and thousands of email addresses – mostly at random, but in some cases more targeted. The idea is to throw these lures out in droves in hopes that a few bites come in. You don’t want to be the fish that takes the bait!
How Does a Phishing Email Work?
Phishing emails are, in essence, a social engineering attack. The intent is to fraudulently gain access to sensitive data such as credit card information, social security numbers, and more. These emails are designed to trick the recipient into believing they are from a trusted source like a coworker, boss, government agency, or otherwise reputable person/business. In most cases, there will be some type of link that either directs the user to log in to a fraudulent website or to download some form of malware that will infect the user’s system.
Links to outside sources will often prompt you to use your credentials to log in to something such as your bank account. Instead of logging into the real website, you’ll simply be gift-wrapping your credentials for the scammers. Installed malware can have devastating effects, including granting the scammers access to your computer – or worse yet, a network of computers like your entire office.
When in doubt, NEVER click these links.
How Can I Identify a Phishing Email?
So how do you know if an email is legitimate or not? In some cases, it’s going to be pretty obvious. Other more sophisticated attempts may disguise it well enough that if you aren’t paying attention, you can fall victim. If you’re being asked to disclose sensitive information, NEVER assume the email is from a trusted sender. Here are 5 simple ways you can spot a phishing email right off the bat!
1. The Email Was Sent From a Public Domain/Misspelled Domain
Right off the bat, the email address will be a surefire way to identify a phishing scam. Keep in mind that anyone can create an email account with the same name as a trusted company or individual. What you want to look for is the part of the address after the @. Is it @gmail.com? @hotmail.com? @yahoo.com? These are public domains that anyone can use. There is no guaranteed legitimacy here. Of course, there are exceptions in which a trusted individual may use a public domain for their email address. If you’re still uncertain, there’s plenty more to check.
A misspelled domain name is another early giveaway, and it is all but guaranteed to be a scam. If the sender is attempting to appear as someone from Amazon, for example, and the domain name is “[email protected],” it’s not legitimate. You can see that “Amazon” is misspelled right there in the domain. Do you think the real company would have a misspelling in their email address? Of course not!
2. The Email Has Lots of Grammar Issues
Many phishing emails originate from overseas. English is often not the first language of the author of the email. This makes your job easier for sure! If you’re noticing lots and lots of grammatical errors or awkward phrasing, that’s a good indicator that something isn’t quite right here.
3. There Are Suspicious Links or Attachments
As mentioned earlier in this post, phishing emails generally intend to install spyware/malware on your computer or direct you toward a malicious website. Use extreme caution when receiving a suspicious email that contains an attachment or unsolicited links.
The link/attachment may:
- Have a general name (Invoice.pdf)
- Have an obscured name (q4d6f6.doc)
- Be a shortened link (https://bit.ly/3mmisUp)
- Simply be something you didn’t ask for and weren’t expecting
4. The Email Wants You to Do it Now!
When people are under pressure or stress, they typically don’t make the best decisions. Scammers know this! The attacker will often try to convince you that action is required on your behalf right away. They don’t want you to stop and think about the email or what you are doing.
5. The Offer is Too Good To Be True!
No, you didn’t win the lottery (that you never even entered), and the Prince of Zimbabwe definitely doesn’t need your help. If there is some offer that seems way too good to be true, it probably is!
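Signs 1, 3 and 4 above can also be checked mechanically, for example by a mail filter or a triage script. The following is an added example, not code from the original post: the domain lists, the urgency phrases, the `bigstore.example` brand and the sample message are all constructed assumptions, and only single-part plain-text messages are handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative lists (assumptions); a real filter would maintain its own.
PUBLIC_WEBMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}
TRUSTED_DOMAINS = {"bigstore.example"}          # hypothetical brand you do business with
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY = re.compile(r"\b(immediately|right away|urgent|within 24 hours)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw):
    """Return which of the article's warning signs a raw message trips."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = []
    if domain in PUBLIC_WEBMAIL:                                  # sign 1: public domain
        hits.append("public-domain sender")
    elif domain not in TRUSTED_DOMAINS and any(                   # sign 1: misspelled domain
            0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        hits.append("lookalike sender domain")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):         # sign 3: shortened link
        if (urlparse(url).hostname or "").lower() in SHORTENERS:
            hits.append("shortened link")
            break
    if URGENCY.search(msg.get("Subject", "") + " " + body):       # sign 4: do it now
        hits.append("urgency pressure")
    return hits

# Constructed sample message; the sender address and URL are placeholders.
SAMPLE = """From: "BigStore Support" <billing@bigst0re.example>
Subject: Urgent: verify your account

Your account will be closed. Confirm right away at https://bit.ly/EXAMPLE
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A message that trips none of these checks is not thereby proven safe; the checks only flag the patterns described in this list.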
Did you know that 85% of data breaches are due to phishing attacks and/or stolen user credentials? That means it’s not usually insecure systems that are being hacked directly, but rather unknowing individuals that are being taken advantage of. Even worse, 45% of compromised users don’t change their passwords after the breach!
When in doubt, be vigilant. Take a careful look at the email (without clicking links or downloading attachments) and make an assessment. Does it look unusual? Does it fit the criteria of a phishing email listed above? Don’t take a risk – it’s just not worth it. Trust your instincts and stay safe!