In today’s post, I’d like to stray from the usual Case Study and share something that I received in my inbox recently: Phishing Emails – you may not see them frequently, but they can be hard to spot (These cyber crooks are gettin’ good these days).
“Phishing” emails are malicious emails sent by criminals attempting to compromise your personal information. And they can seem legit.
Many phishing emails can be disguised as a message from an authoritative entity asking you to visit a website and enter personal information. These websites are set up by criminals to gather personal details which they can then use to hack into your accounts and commit fraud. Some links and attachments in these kinds of emails contain malicious software, known as malware, that will try to install themselves on your computer. These malware can collect data such as usernames and passwords. If you recognize these emails, delete them immediately.
It’s estimated that 156 million phishing emails are sent every day and of those, 16 million get through the protection software, 8 million are opened, 800,000 links are clicked and and 80,000 innocent people fall for scams and give away their personal details. Knowing how to recognize these emails can lessen your chances of you getting caught. Here are some of the signs of phishing emails.
1. Email Address
This is the first thing you should look at. Criminals use two tricks when crafting email addresses – first, they’ll put a real company’s name before the “@“ to make it look credible and second, use a web address similar to the genuine one. For example, http://www.cleanrmow.com is a genuine website and they may have a real email address such as “firstname.lastname@example.org” or “email@example.com.” Scammers will craft phishing email addresses almost identical to the real addresses. They could change the letter “L” to an “I” like so: http://www.cieanrmow.com. Or they may change the letter “O” to a zero like this: firstname.lastname@example.org. Check these emails carefully to make sure they are the same as the real web address.
2. Generic Greetings
Beware of emails with generic greetings such as “Dear Valued Customer” and similar welcomes. Look for poor spelling, punctuation or grammar. However, you can alway rely on these obvious signs as sometimes scammers go to great lengths to make their phishing emails look authentic as possible. They’ll use the company’s real logo and even the names of people that work there.
3. Sense of Urgency
Phishing emails may use phrases such as “you should update your password immediately” to create a sense of urgency in order to lure their targets into giving away their personal information. They may even use a threat like, “You’ll be fined if you don’t act now.” These scammers may make you feel as if you’re missing our on something, peak your curiosity or use your fears to push you into making an instant response. If you feel you’re being pressured in any way, or that something just doesn’t feel right, be especially careful.
If there is a link within the email, hover your cursor over the link to view the underlying address. In other words, check to see where it would take you if you were to click the link.
Look to see whose name is at the end of the email. If it’s from a department or team, do they actually exist? If it’s from a person, is their name in the email address and is the email address real?
These are just generic emails which are sent out to large groups of people, knowing that it only takes a few to click to make the effort worthwhile to the scammers.
Criminals sometimes target individuals. These cyber attacks are called “spear phishing” and this method is on the increase because criminals know many more people are fooled by them. Spear phishing emails often use personal information obtained from social media pages to make the emails look more credible. For example, criminals might use your name or tailor the email to reflect things you like; your hobbies, interests, where you live or what is happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.
It can often feel like we’re bombarded with emails both at home and at work, and many of them have genuine links and attachments. Be sure to look for the signs of phishing emails and think before you follow any links or open any attachments.