Email communication is an important business tool, and understanding its potential risks and threats will help you secure your business from any danger.
One of these threats is called phishing. This kind of scam pretends to be someone you know or usually do business with, and lures you into clicking on suspicious links in an email or providing secure data by other means.
While it seems easy enough to avoid these pitfalls, understanding a cyber criminal’s modus operandi will help identify possible scams in the future.
It is not unusual to find these kinds of emails doing the rounds every now and then. Similar to normal fishing, these emails offer ‘bait’ in the hope of having someone take a ‘bite’ and take the action of providing the requested information. You can be proactive by knowing how to identify a ‘dodgy’ email by paying close attention to the branding, company details, and spelling to ensure legitimacy.
1. Fake domains and email addresses
This is a favourite tactic of scammers: using addresses that are similar to those of another organisation. An example of a “dodgy” email would be receiving an email from email@example.com, instead of firstname.lastname@example.org, asking you to click on a suspicious link. Always be aware of who is sending the email. If unsure, check the website domain name: for instance, www.azappi.co.za vs www.azapi.co.za.
More recently, scammers will use a legitimate-looking email like email@example.com, but the email isn’t an actual address associated with the business. If unsure, refer to legitimate previous communications and double-check the company information, paying special attention to the spelling.
2. Verify who the sender is
Remember to verify the sender if you are in doubt. Click on “Show Details” or hover over the “From” display name to check whether the email address really belongs to who you think it does. Phishing emails set the “From” display name to look like it is coming from someone legitimate when the message is actually coming from someone else. An example would look like this: firstname.lastname@example.org <email@example.com>.
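Checks 1 and 2 above can be automated on the raw “From” header. The following Python sketch is an added example, not part of the original article; the function names, the `TRUSTED_DOMAINS` list, the mailbox names and the two-edit threshold are assumptions chosen for illustration, and the domains are the ones used in point 1.

```python
import re

# Assumption: the domains your business really deals with (constructed list).
TRUSTED_DOMAINS = {"azappi.co.za"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_from(header):
    """Split 'Display Name <user@domain>' into (display, address)."""
    m = re.match(r'\s*(.*?)\s*<([^<>\s]+)>\s*$', header)
    if m:
        return m.group(1).strip(' "\''), m.group(2)
    return "", header.strip()  # bare address with no display name

def check_from_header(header, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for one From header value."""
    display, address = split_from(header)
    if address.count("@") != 1:
        return ["no usable sender address"]
    warnings = []
    address = address.lower()
    domain = address.split("@")[1].rstrip(".")
    # Check 2: the display name shows one address, the real sender is another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != address:
        warnings.append(f"display name shows {shown.group(0)} but sender is {address}")
    # Check 1: the sender domain is a near miss of a trusted domain.
    if domain not in trusted:
        for good in sorted(trusted):
            if edit_distance(domain, good) <= 2:
                warnings.append(f"sender domain {domain} resembles {good}")
    return warnings

if __name__ == "__main__":
    # Constructed sample headers.
    for h in ('accounts@azappi.co.za <accounts@azapi.co.za>',
              '"Accounts" <accounts@azappi.co.za>'):
        print(h, "->", check_from_header(h) or "no warnings")
```

Edit distance catches dropped or swapped letters such as azapi versus azappi. It does not catch a different but plausible-looking domain, so comparing against earlier legitimate communications still applies.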
3. “Please confirm your personal details” or “Update your information.”
As a rule of thumb, you should avoid clicking on a link to confirm your details, especially any emails asking you to confirm payment information. In these instances, contact the company or person directly if you consider the email to be legitimate. Also, do not follow any steps provided in the email, as this is exactly what the scammers want you to do. Links in emails, especially shortened ones, should not be clicked on if you are unsure whether the source is legitimate.
4. Style of writing or poorly written emails
Let’s be honest. Scammers are not professional writers, and this is the easiest way to catch them out. These kinds of emails are usually poorly written and may have spelling errors. Or they just don’t sound the way the person usually writes. If you feel uneasy about a particular email, give the email sender a call to clarify or check with your email provider.
5. A suspicious attachment
Luring the user to download a suspicious attachment is another giveaway of these kinds of scams. Attachments usually contain a malicious URL or trojan, often used to install malware on your PC. You can nullify this threat by utilising antivirus software on your computer.
6. Sense of urgency
Human emotion is a powerful thing, and unfortunately, scammers are very aware of this fact. They know that you are more likely to click on a malicious link if they can get you to panic or become anxious. While you should definitely be alert, messages alerting you to “click NOW to keep your account active” can mostly be considered a false alarm.
The reality of cybercrime
In a digitally driven world where email is our lifeline, cyber threats are real too. Now that you know how to identify a phishing attempt, you’ll be less likely to fall prey to this kind of cybercrime. If you are a business owner, you should consider securing your email accounts by implementing some of the following measures:
Is your first line of defence against security threats and controlling data from the Internet. It monitors all network traffic and can take action before content or files come into your network.
- Spam filters
Set up a spam filter that detects viruses, blank senders, etc.
- Antivirus software
Install an antivirus solution, schedule signature updates and monitor the antivirus status of equipment in your office.
- Password security
Never share your email passwords unless you are logging into your email provider’s website.
- Staff training
Provide regular security training to your staff so that they are aware of and can identify phishing scams, malware and social engineering threats.
Understanding and mitigating the potential risks that cybercrime has for your business will ensure that your business and employees are safeguarded from this threat. Taking the cautious route is always a good idea, and if you are looking for a catchy slogan, then just remember: “When in doubt, throw out.”
Our email support team is always ready and willing to help you deal with a dodgy email. You are welcome to give us a shout on firstname.lastname@example.org or 087 8200 780.