Phishing is the practice of tricking someone into giving up their sensitive information. The “bait” is often an email created to look like a message from your bank, the government, or even a family member in an emergency.
Given the urgency of the message, an unsuspecting user will click a link to a fake (but convincing) website and provide information such as: username and password, credit card number, address and phone number, social security numbers, and so on. The hacker will keep records of everything they’re given.
These phishing emails include links saying things like, “important documents that require your immediate attention”. They may include attached files labeled “tax return” or “bank statement” or “invoice”. Clicking on these links will compromise your data security.
How to Detect a Phishing Email
Fortunately, detecting phishing attempts is relatively easy once you’re aware of the signs. If you receive a suspicious or abnormal email, follow these steps.
- Verify the sender
- Check for spelling and grammatical errors
- Hover over the links and check web destination
- Check the attachment’s file extensions
Verify the Sender
Email scammers are able to disguise their strange email address with a normal “sender” name. The sender names appear in bold in your inbox. To verify the sender’s actual address, open the email and look next to the sender’s name.
It looks like this: Sender’s Name <[email protected]>. Read the address closely and literally mind your p’s and q’s. For example, google.com and gooqle.com look very similar at a glance. A hacker will change an address by just one letter.
Check for spelling and grammatical errors
Phishing scams can originate from non-English-speaking areas. So if you read an email and it sounds like broken English, there is a high potential for phishing. The same goes for spelling mistakes. The chances of your bank or the IRS sending you an email with a typo are very small.
Hover over the links and check web destination
Before you click anything in an email, move your mouse over the link. Look at the bottom-left corner of your browser window. You will see the web address the link will take you to. Read it very carefully to ensure it’s a site you trust.
Check the attachment’s file extensions
File extensions are the few characters you see at the end of a digital file. Common ones include .png, .pdf, .docx, and .mp3. The one you need to watch for is .exe. Files ending in .exe contain “executable programs” capable of infecting your system with viruses and other malware.
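The sender, link and attachment checks above can be partly automated. The following Python sketch is an added example, not part of the original article; it runs those three checks on a constructed message, and the names `TRUSTED`, `near_miss`, `check_email` and `sample` are hypothetical.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"google.com"}   # assumption: domains you expect mail from

def near_miss(a, b):  # same length, exactly one character differs
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

class Links(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.open = False

def check_email(raw):
    msg, findings = message_from_string(raw, policy=policy.default), []
    domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    findings += [f"sender {domain} imitates {t}" for t in sorted(TRUSTED) if near_miss(domain, t)]
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".exe"):  # the extension the article singles out
            findings.append(f"executable attachment {name}")
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href, text in parser.links:
                host, shown = urlparse(href).hostname, urlparse(text.strip()).hostname
                if shown and shown != host:
                    findings.append(f"link shows {shown} but goes to {host}")
    return findings

def sample():  # constructed message, not a real phishing email
    m = EmailMessage()
    m["From"] = "Google Support <alerts@gooqle.com>"
    m.set_content('<a href="http://login.example.net/x">https://accounts.google.com</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_string()
```

Calling `check_email(sample())` returns one finding per failed check. The look-alike test only catches single-letter substitutions, and the link test only applies when the visible link text is itself a full URL.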
Additional Preventative Measures
Antivirus and Antimalware Software
Since these tactics are based on a human being’s comfort with technical computer systems, they are not fool-proof. Phishing is a method of social engineering, meaning it targets our brains, not our computers.
We recommend fortifying your security with antimalware and antivirus software. With these installed, a malicious email attachment will be stopped before it harms your system. However, you’re still susceptible to social engineering, i.e., landing on fake websites and providing your information.
Enlist an Identity Monitoring Service
Identity monitoring services will notify you when your data has been breached. If you’re a Credit Karma user, a service like this is included. Otherwise, resources like Have I Been Pwned will give you a detailed list of the times your email has been linked with a data breach and describe the data that was stolen. For business owners, you can use the domain search and see if any accounts linked to your company have been breached.
Draft a recurring memo including these tips so the information stays fresh in your employees’ minds. Consider sharing stories about high-profile phishing scams, like this one where a Shark Tank host lost $400,000 when she opened an email from someone who appeared to be her assistant.
Professional IT Training
Our IT technicians are available for workshops to train your employees. They will cover phishing, malware attacks, password policies, data recovery, networking and other threats to your business’s cybersecurity. To schedule a session, contact us at [email protected].