Whether to your work or personal account, EVERYBODY has gotten a phishing email. As we continue to rely more and more on email and digital transactions, email scams grow more sophisticated and more dangerous. In 2018, the Verizon Data Breach Investigations Report stated that phishing was used in 93% of breaches.
And a breach doesn’t simply mean annoying emails from “girls in your area”; it can mean theft. The real estate industry, for example, is ripe for phishing, since lots of money changes hands over weak links. A single compromised step during that transaction could lead to a spammer accessing your information. An excited homebuyer could easily deposit their down payment right into the pockets of scammers as directed by an official-looking email, as this Texas woman did.
The best defense against the onslaught of botnets-for-hire and Malware as a Service (MaaS) is education. To keep your users, and bank accounts, safe, follow these 10 tips to identify phishing emails.
1. Treat emails with unexpected info, such as shipments or payment info, suspiciously, as they can contain links to malware sites. Below is an example of a phishing email that mentions “payment advice” –
2. Beware any email that asks for personal information like account numbers, social security numbers, or addresses. Legit businesses never ask for that type of info via email.
3. Don’t fall for any message that seems urgent or threatening, like a claim that your account is suspended, or you need to click a link to unlock your account.
4. If an email contains spelling errors or confusing language, it’s phishing! This tip seems silly, but it’s a simple way to safeguard yourself. Real companies have stringent procedures when sending emails to customers, and those emails often must pass through several editing steps.
5. Spammers can name a link anything they want, so hover over links to see where they will actually take you. A dangerous URL can be camouflaged with a seemingly innocent name.
6. Legitimate businesses usually use your real first and last names when addressing you in an email. Beware of emails that have a generic greeting, like “Valued Customer” or “Dear Sir/Madam,” like the email below.
7. Similarly to the greeting, if the signature of the message is kept vague, it could be phishing. Genuine businesses will always include specific details in the signature. This email doesn’t include the sender’s name, phone number, or address –
8. Don’t download any attachments if you’re suspicious of the sender or message! Spammers have an easy way of blasting messages loaded with malware to thousands of users, thanks to Ransomware as a Service (RaaS), and you could be one of the unlucky recipients.
9. Just as URLs can be faked, so can the From address. If the From email address doesn’t match the From name, proceed with caution. The actual sender of our phishing email below is most certainly NOT HSBC Bank –
10. Another entry point for ransomware infections is the macros in Word documents, so DON’T enable the macros! Phishers often attach a Word doc claiming it’s from HR, Finance, or even the CEO, and then request the email recipient to enable the macros. Don’t fall for it.
Even though spam filters do a great job at catching most suspicious emails, the fact is, there are just so many of them. So be knowledgeable and prepared to stop those phishers in their tracks.
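Tips 5 and 9 can also be checked mechanically. The Python sketch below is an added example, not part of the original article: it flags a From display name used with a domain outside an allowlist, and links whose visible URL text names a different host than the href. The allowlist, the sample message and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: display names to protect and the domains they really send from.
EXPECTED_DOMAINS = {"hsbc bank": {"hsbc.com"}}
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
# Constructed sample (single-part HTML mail); sender and link target are made up.
SAMPLE = '''From: "HSBC Bank" <billing@mail-update.example>
Subject: Payment advice
Content-Type: text/html

<p>Dear Valued Customer, see <a href="http://login.secure-pay.example/x">www.hsbc.com/advice</a>
or our <a href="https://www.hsbc.com/help">help page</a>.</p>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or bare domain, minus a leading "www."
    host = urlparse(value if "//" in value else "//" + value).hostname or ""
    return re.sub(r"^www\.", "", host)
def same_site(host, expected):  # exact match, or a subdomain of the expected host
    return host == expected or host.endswith("." + expected)

def check(raw):  # findings for tip 9 (From name vs. address) and tip 5 (link text vs. href)
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain, allowed = host_of(addr.rpartition("@")[2]), EXPECTED_DOMAINS.get(name.strip().lower())
    spoofed = bool(allowed) and not any(same_site(domain, d) for d in allowed)
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    links = [(text, href) for href, text in parser.links if LOOKS_LIKE_URL.fullmatch(text)
             and not same_site(host_of(href), host_of(text))]
    return {"from_mismatch": spoofed, "links": links}
```

Links whose visible text is ordinary words (“help page”) are not compared, so hovering is still needed for those.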