Some hackers use code to commit cybercrime; others use simple social engineering. Phishing attacks rely on hacking (psychologically manipulating) the user’s brain to gain access to sensitive information. Unfortunately, this has proved to be rather easy for hackers to do. In fact, 97% of people around the world are unable to identify a sophisticated phishing email, according to cybersecurity expert Estelle Derouet.
Not only are phishing attacks likely to be successful due to widespread user ignorance, but they are very easy for the cybercriminal to administer using automated Phishing-as-a-Service campaigns. This is why over half of all internet users get at least one phishing email a day.
Of course, there are enterprise-grade IT security services that companies use to stop the majority of these malicious emails entering users’ inboxes in the first place. But, no matter what companies do, a few will manage to find their way through. These are the more sophisticated phishing campaigns, and, therefore, you can bet that if they have got this far that they are more likely to be successful.
Defence really is the best form of retaliation when it comes to suspicious email activity. There is not yet a helmet invented that you can pop on the user’s head to ward off social engineering attacks. But, luckily, a bit of user training can do the trick! Educating your employees on how to identify a suspicious email is the best protection against any scammer that gets through your security measures.
Scammers usually try to mimic the email address of the company they are pretending to represent. The display email address in the user inbox will, therefore, contain a well-known company name or brand. While this tactic gives a sniff of authenticity to the email, it is not difficult to find out whether there is a fraudster behind what looks like a genuine sender.
By simply hovering your mouse over the display name the real email address behind it will be displayed. Right-clicking on the sender name should reveal the same information. A bizarre email address behind what looks like a respected sender name is a sign that the email is suspicious.
Again, do not click on any links contained in a suspicious email! You can test links by opening a new window in your browser and typing in the company name. If the email purports to come from a big brand or company, open a new tab and search for the official website of that company. You can then compare the URL address to that which has been sent to you in the email.
Scammers posing as banks, lenders, or other legitimate businesses will often request personal information. Some email scams use information that they already have to make you believe that they just need you to “confirm” or validate the remaining details. Banks and legitimate businesses will never request personal information via email.
Beware of instructions to log-in to your account for an urgent message or update. Recipients are often threatened with account closure or service termination if they fail to click on the link and log-in to their account. You can do a quick check by simply logging into your account in a separate window or contacting your service provider directly.
Poor spellings and grammar are obvious signs that the email does not come from a legitimate source. But look out for less noticeable mistakes too. UK Consumer Rights Organisation, Which, reported detecting an email scam because of a mistaken date. The email, sent in March 2017 contained details of a competition with a closing date of December 2016.
Do they know your name? Many email scams will address the recipient with impersonal language such as “Dear valued customer” instead of using a name. This one isn’t full proof because some legitimate companies simply do not use personalised marketing, but it is still worthwhile adding to your checklist, just in case.
Attaching files that contain malware or viruses is a common phishing tactic. Clicking on these files can put your computer at risk and can enable a scammer to damage your files or steal your passwords. If you cannot tell what the attachment is, then do not open it.
If you really must open it, then do it with Notepad to have a look at the data without it automatically running. However, keep in mind there is still a small chance the code could be designed to exploit Notepad. In this case, a sandbox is your safest bet.
Just like using a well-known brand name in the display email address, scammers will often insert a logo or brand name into the email header. Keeping a watchful eye on the appearance of logos contained in an email can pay off. A poor quality or out of date logo is a sure sign of a fake email. Double-check by opening the last genuine email you received from the company.
Still not sure if your brain is being hacked? Some scams are very clever and will leave you guessing. If you are not sure about the authenticity of an email, always take the precautionary step of contacting the company featured in the email. Large companies are very often aware of scams that are circulating and may have alerts on their website or social media accounts. By reporting a scam email to the company that has been misrepresented, you are helping them to raise awareness and reduce the damage done by such scams.
Are you looking for a company to take your IT support to the next level? Make sure to give us a call on 01 664 4190 or contact us for a chat about your IT challenges and needs. We are always happy to offer some sound advice on how you can best support your growing business.