Sending emails plays a key role in a company’s business operations, with 86% of professionals preferring email as their primary means of business communication. Because they’re so heavily relied upon, email accounts are common targets for cybercriminals. Using a method called phishing, these attacks are disguised as run-of-the-mill, regular emails, often appearing to be sent by someone you trust. Unless you know what to look for, these can spell disaster for an organization.
Phishing is an email scam that entails sending emails under the guise of a reputable company to convince people to provide sensitive information like passwords, social security numbers, and account numbers. While both large corporations and SMBs can be targets of phishing, SMBs typically don’t have the financial resources to absorb the potential consequences like a larger organization – which can be crippling.
In today’s email-centric world, it can be difficult for an employee to weed out the good emails from the bad given the volume one can get over the course of the day. Fortunately, there are ways to distinguish between a legitimate email and a phishing email.
Check the Domain
Make no mistake, the people behind these emails are smart. If you receive a suspicious email, the first thing to check is the sender’s domain name. Credible companies will use a domain exclusive to their organization’s domain or account, like “@teqworks.com”. On the other hand, phishing emails can come from public domains like a Gmail, Yahoo or Hotmail account. In some cases, the sender’s address may simply be misspelled. If you don’t recognize the sender, the best thing to do is check with Google and vet the company to be safe.
Check the Sender
Check the sender. When the sender looks like someone you trust but uses a different email address, this is “spoofing.” A “friendly name” may look like your boss or coworker, but click, long-press, or hover over the name to see the email address. If it is not the exact address of the coworker then this email is spoofed and you are being phished.
Poor Grammar or Spelling
If you were to send an email, you would make sure spelling and grammar are correct. Emails riddled with bad spelling and poor grammar are a red flag.
Time is of the Essence
Phishing emails will attempt to raise alarm and bring about an intense sense of urgency. By using scare tactics, hackers hope to coax an individual into making a snap decision that can result in a compromise of sensitive data.
Unexpected Requests
Unexpected requests. Is it common to get requests like this from the person from whom you received the message? Do they often ask you to get Amazon gift cards for clients? Did this person ask you to just respond to email and not call because they are busy? If these trigger suspicion, contact the person directly and ask whether they sent you the request – don’t respond to the email until you’ve confirmed.
Asks for Personal Information
A legitimate company will NEVER ask for sensitive information, such as credit card numbers, social security numbers, or passwords over email. If you’re prompted to provide such information, don’t. This is one of the easiest ways to spot a phishing email.
Suspicious Links and Attachments
Phishing will often include links or downloadable documents that redirect you to a malware site. While we recommend you don’t click these links, the attachments can be more deceptive.
Before deciding to download, hover your cursor over the top of the attachment to check the destination link. Even if you recognize the links, the safest option is to check the link by dropping it into your URL and checking if it comes from a credible source.
Too Good To Be True
Hackers will attempt to access your cloud account by any means necessary – that includes making an offer you couldn’t possibly refuse. Phishing emails will often contain false rewards or other disingenuous promises that seem too good to be true. This is a classic technique that has successfully compromised the data of many SMBs.
Staying vigilant by training employees on what to be wary of and keeping your cybersecurity software up-to-date helps keep your business protected. In the world of cybersecurity technology, Teqworks offers Advanced Threat Protection (ATP) – the premier security service on the market. Our comprehensive process predicts, educates, prevents, detects & responds to, and recovers your data if it becomes compromised.
Reach out to Teqworks today and set up an appointment to have your current system assessed and speak to an expert on what you can do to improve your cybersecurity environment. We’ll help you understand the landscape of the industry and how your business can stay safe, secure, and out of harm’s way.