We’ve all heard of phishing and how much damage it can cause. It can cause your computer and your entire business network to be infected with malware. It can lead to data breaches that result in the loss of confidential business data and customer information. It has cost some companies millions. The Scoular Co. lost $17.2 million in June 2014 as a result of phishing.
1. Without opening the email, look at the name of the sender. Does it EXACTLY match other emails from the same party? If not, it could be packing malware.
2. You are asked to reply with confidential data – A legitimate business will not ask you to furnish your username and/or password or to click a link to change your password. If an email requests banking information, be suspicious. Don’t fall for it.
3. You are offered something valuable at little or no cost – The Nigerian prince comes to mind. Or you have won some sweepstakes that you never entered. Remember that even if you know the sender, the sender’s address book could have been hijacked and used to disseminate phishing emails.
4. The email threatens you with dire consequences if you do not comply:
5. The email purports to be a "Confidential" or "Private" request – The sender is trying to keep you from verifying the email with another party. Don’t believe it.
6. An email contains an attachment that purports to be an order confirmation or receipt – This approach is also used for supposed package shipment documents. Think: have you ordered anything from that company? If so, do past emails have the same format and look? It is better in general to access information on an official website than to click links in an email or download an email attachment. In most cases it is possible to go to an official website to verify the email contents and get further information.
8. Is it tax season? – During tax season there is a bump in spear phishing and telephone scams by “tax authorities” requesting financial information or providing tax “receipts” that are malware in disguise. Since January, at least 68 US companies have announced that they fell victim to a spear phishing attack responsible for stealing the W-2 U.S. tax records of their workers. One or more employees receive an email appearing to be from the CEO with subject lines such as: “Request for all employees’ W2.” If the employee falls for the scam, the attacker attempts to file tax returns for all workers before the workers do. Then the attacker steals the victims’ tax refunds.
9. The sender’s email address does not seem to match the contents – Does it make sense that an email from UPS would come from an address such as firstname.lastname@example.org? Probably not. How about from email@example.com? Notice the periods. This is not from UPS, it is from up.s. The "from" address in an email can be faked. Do not assume that an email is legitimate just because it comes from a known address.
10. The wording of the email is awkward – Does the content appear to be proper English (or whatever language it should be)? Check the tone and grammar. Does the email sound like it was translated from a foreign language? Then it could come from a non-native hacker.
If the message is suspicious, there are some steps you can take:
While phishing techniques are getting more sophisticated, there are lots of things users can do to avoid being phished. IT pros need to ensure their organization deploys a powerful spam filter that scans inbound and outbound email and provides RBL blocking and pattern filtering. Spam filters vary in effectiveness and are only part of the solution to preventing intentionally malicious attacks, especially phishing emails.
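One way a mail filter could automate the sender checks in signs 1 and 9 above, as an added example that is not part of the original article. The sender history, the brand list and every sample address are constructed for illustration, and the check reads only the From header text, so a forged header that copies a real address exactly would pass it.

```python
import re
from email.utils import parseaddr

# Constructed data (assumptions): display names seen in earlier mail with the
# addresses they used, and the domains each brand really sends from.
KNOWN_SENDERS = {"ups tracking": {"tracking@ups.com"}}
BRAND_DOMAINS = {"ups": {"ups.com"}}

def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_sender(from_header, known=KNOWN_SENDERS, brands=BRAND_DOMAINS):
    """Return a list of reasons the From header looks suspicious."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rpartition("@")[2]
    findings = []
    # Sign 1: same display name as earlier mail, but not EXACTLY the same address.
    seen = known.get(display.strip().lower())
    if seen and addr not in seen:
        findings.append("display name known, address differs from earlier mail")
    words = set(re.findall(r"[a-z0-9]+", display.lower()))
    for brand, domains in brands.items():
        if domain in domains:
            continue  # header text matches; it can still be forged
        # Sign 9: added periods or hyphens, e.g. up.s.com posing as ups.com.
        if any(_squash(domain) == _squash(d) for d in domains):
            findings.append(f"domain {domain} imitates {brand} with added punctuation")
        elif brand in words:
            findings.append(f"display name claims {brand} but domain is {domain}")
    return findings

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ('"UPS Tracking" <tracking@ups.com>',
                   '"UPS Tracking" <tracking@up.s.com>',
                   'UPS Delivery <notice@parcel-alerts.example>'):
        print(header, "->", check_sender(header) or "no findings")
```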