Phishing emails are one of the most dangerous cyberthreats that small- to medium-sized businesses (SMBs) face today. According to the Verizon 2020 Data Breach Investigations Report (DBIR), phishing is the biggest threat for small organizations, as cybercriminals devise more sophisticated methods to steal confidential information.
Given that your organization deals with emails every day, it’s important to be aware of the warning signs of a phishing scam, such as:
#1. Grammatical errors
This is one of the most common signs of a phishing email. You know it’s one if it is filled with grammatical errors and misspellings, which typically look like this:
We have detect suspicous activity on your account. We have lock it for security purpose. To reactivate your account kindly reply imediately to thi message
In the example above, the grammatical, spelling, and punctuation errors are dead giveaways of the email’s inauthenticity.
#2. Suspicious sender addresses
Criminals can spoof a sender’s email address to fool users. For instance, cybercriminals may pretend to be someone from Google and send an email with this address: [email protected]. It may seem legitimate at first glance, but a closer look will show that “googIe” is spelled with a capital “i” instead of a lowercase “L”. This is one of the more insidious tricks, because the difference between the two letters is difficult to spot.
#3. Fraudulent links
Phishing emails usually include suspicious-looking links that lead users to fraudulent web pages.
For example, an email could contain the link www.ebay.com. However, if a user hovers their mouse over the link, it will reveal a malicious page such as www.ebay.com.top/login. This domain switch is done to allay any suspicion and persuade the receiver to click on the link. The fraudulent page also mimics the legitimate page’s design to trick the user into thinking they’re on the right site. But the moment the user enters their login credentials, they’ve sent their account information to hackers.
#4. Suspicious attachments
Cybercriminals can include attachments in your email that harm your computer when downloaded and opened. There are two common attachment types to look out for:
- Macro malware – Hackers can inject a malicious macro code into a legitimate document. They then instruct the recipient to enable macros to read the document properly. However, doing so infects the host computer with malware.
- Executables and scripts with spoofed extensions – This is where hackers send a file typically labeled “Invoice.docx”. However, a closer look will reveal its full name as “Invoice.docx.exe” or “Invoice.docx.vbs”. This is because cybercriminals are taking advantage of Windows’ default setting of hiding the file extension, making their attachment appear legitimate. Once launched, these attachments unleash malware that could steal sensitive data or install other malware onto the recipient’s PC.
If you suspect an email to be a phishing scam, do not download any attachment that comes with it.
#5. Unnecessarily urgent calls to action
Phishing emails often create a sense of urgency or demand immediate action. For example, they will ask the user to provide personal information or wire money immediately:
Can you wire $1,000 to my bank account right now? I am on a business trip and in need to pay for a few expenses, but the money I have is not enough to cover them.
Please keep this confidential. Send my regards to your family.
The above is an example of a business email compromise (BEC) attack, where the recipient is typically asked to act on a certain request immediately. Make sure to verify the authenticity of the email first before doing anything else.
Secure your business from phishing by partnering with Fidelis. Our security training services conduct engaging and informative training sessions to educate employees about phone scams, ransomware, phishing, and other cyberthreats. To learn more about cybersecurity protection and how we can help your business, download our FREE eBook today.