Phishing is one of those threats that has been around for a long time, and as time passes, it only becomes more difficult to identify. Some businesses can’t tell the difference between phishing scams and legitimate emails. Here’s how your company can take steps toward properly identifying and responding to phishing emails.
To illustrate our point, let’s look at an example. You might receive emails claiming that you have won some wild prizes, but you don’t remember putting your name into the running for them. The message is delivered in a way that makes you think it’s from someone who doesn’t speak proper English, and it certainly doesn’t sound like a professional message. Plus, the email makes you want to pull the trigger immediately by claiming that the prizes are time-sensitive.
These are all common tactics used in phishing messages. They often come in the form of fake invoices or appear to come from those higher up in the chain of command. You might receive a message that appears to come from your boss asking for a wire transfer, for example. It’s safe to say that this is troublesome at best.
Essentially, the majority of phishing emails will showcase the following characteristics:
- Something that appears too good (or too wild) to be true (winning prizes, receiving awards)
- Spelling and grammar errors; many phishing campaigns originate outside of the United States
- A sense of urgency that pushes the user to act a certain way, such as paying an invoice or clicking on a link to enter contact/financial information
- Links to click on or attachments to download; these are often infected with malware or give hackers alternative methods of infiltrating your systems.
- The email comes from a strange email address that does not coincide with the sender’s supposed identity. It’s always important to check the sender.
These are far from the only warning signs, but they are the ones that you should be particularly aware of. Phishing messages often look so convincing that the recipient might not even think twice before downloading an attachment or clicking on a link. It’s important that you treat all messages with the same level of scrutiny at the minimum. Be sure to try to verify the identities of the senders, if possible, through some type of external communication, like a phone call or, you know, walking to their office.
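The warning signs listed above can also be checked mechanically when triaging a reported message. The Python below is an added example, not part of the original article; the staff directory, urgency phrases, domains and sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: a hypothetical staff directory and phrase list.
STAFF = {"jane doe": "example.com"}   # display name -> legitimate mail domain
URGENT = ("immediately", "urgent", "within 24 hours", "act now", "expires")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Return the lower-cased hostname of a URL or bare domain, or ''."""
    value = value.strip()
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def warning_signs(msg):
    """Return the checklist items from the list above that this message trips."""
    signs = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    expected = STAFF.get(name.strip().lower())
    if expected and domain != expected:        # known name, wrong address
        signs.append("sender-mismatch")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    haystack = (str(msg.get("Subject", "")) + " " + text).lower()
    if any(phrase in haystack for phrase in URGENT):
        signs.append("urgency")
    for href, label in LINK.findall(text):
        shown = host(re.sub(r"<[^>]+>", "", label))
        # Flag only when the visible text looks like a domain and differs (exact match).
        if "." in shown and shown != host(href):
            signs.append("link-mismatch")
            break
    if any(part.get_filename() for part in msg.iter_attachments()):
        signs.append("attachment")
    return signs

def sample(sender, html):  # builds a constructed test message, not a real email
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Invoice"
    m.set_content(html, subtype="html")
    return m

phish = sample('"Jane Doe" <jane.doe@example-payments.test>',
    '<p>Wire the funds immediately.</p><a href="http://pay.invalid/x">www.example.com</a>')
phish.add_attachment(b"constructed", maintype="application", subtype="zip", filename="invoice.zip")
clean = sample('"Jane Doe" <jane.doe@example.com>',
    '<p>Agenda is on the wiki.</p><a href="https://example.com/wiki">example.com</a>')
```

A message that trips several signs is a candidate for manual review, not proof of phishing; the sender should still be confirmed through a separate channel.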
Wolk9IT wants to help your business train employees to identify threats from phishing scams and emails. If you can train your staff to apply a certain level of scrutiny to messages like these, then you naturally make them more resilient to falling for them. To learn more about how you can make this happen, give us a call at (646) 741-1166.