Hackers are increasingly trying to steal and compromise consumer data and information online as the demand for remote jobs continues to rise. Since more people are spending greater amounts of time online and working from home, making digital transactions instead of in-store, banking online, and sharing sensitive information online, there are a lot more people online to target. This means that online security is important for everyone as online scams are certainly not decreasing.
There is a good chance that many of you reading this have already been victimized by phishing, spoofing attacks or other types of scams online. Many small businesses don’t provide any online security training to remote employees, so their businesses could easily be compromised. This is a serious risk for any business owner.
Our goal with this blog post is to provide you with an understanding of what these types of emails are, why they are sent, and how to better identify them.
What are Phishing Emails?
Phishing emails typically contain a link to a download or a call to action. They aim to collect your login info or sensitive information, or they want to spread malware (viruses) to your computer.
In many cases, phishing emails look as if they were sent by a well-known brand, like a bank, a credit card company, something you might use online, like a social networking site, or a shopping site.
What is Email Spoofing?
Email spoofing is when the email sender uses a fake email address in an email message that makes it look like it’s from a legitimate or well-known business. The goal with spoofing the sender address is to make you think that the email is coming from someone you trust, so that you will click a link in the email. This link will either install a virus on your computer or redirect you to a fake login page or website form where you will enter your private account information.
Sometimes the senders of these emails don’t even bother to hide their real email address, so checking the sender’s address is one of the best ways to see if an email is legitimate.
Go through the list below to determine whether an email is legitimate or not:
1. Are they asking you for sensitive information?
Respectable businesses are not going to email and ask you for your personal information. Many online scams do ask for this information, however! Just as you would not give a strange caller on the phone your personal data, don’t give it to someone via email. If you have any doubts, use a verified phone number (don’t use the contact information in the email itself) to call the business or organization and see if they sent you an email.
2. Are they addressing you by your legal name?
The majority of phishing messages don’t contain any of your personal information, because they don’t have access to it. Awkward salutations (for example: Sir, Madam, Miss and Dear) and non-customary introductions are a good sign that an email shouldn’t be trusted. Many of the people sending these emails are from other countries and don’t use proper grammar and spelling.
3. Are they using a real website address?
You should always highlight or move the mouse cursor over the sender’s email address. Often the sender’s name will say it’s the real company, but the email address or website address they are using is fake. If you move your mouse cursor over their name, you should be able to see the From email address in the status bar located at the bottom of your browser (see image). This is one of the easiest ways to figure out if an email is fake.
If you are on your phone, it’s much harder to tell, so it’s best to view any suspicious emails on your computer so that you can check them out properly.
4. Are they using proper spelling & grammar?
It’s common for phishing emails and other online scam text to be written by people whose first language is not English, as they are often located in other countries. The text usually contains spelling mistakes and grammatical errors. Also, they might use a lot of slang and phrases that are inappropriate for emails. You can sometimes tell it’s a scam by just reading a few lines of text.
5. Are they asking you to click suspicious links in the email?
Most reputable and professional emails explain what the problem is, or recommend going to the company’s website to find out more. They never send you vague emails requiring you to ‘click here’ or ‘sign in’ to give them more information to fix issues.
If an email is asking you to click a link in the email to sign in, verify that the email is valid by contacting the company directly using their legitimate (searchable) contact information. Never use the contact information provided in the email itself.
Use the contact information listed on the company’s real website and bookmark the real website, so if you ever have any doubts and accidentally click a phishing email, you can easily check to see if the website has a bookmarked indicator in your browser.
6. Are the links in the email legitimate?
Hovering your mouse over a link in an email will show you its intended destination. If the address you see doesn’t match the company’s official website, don’t click it. Always check the destination of every email link you receive these days (see image for example).
Often online scammers will use longer website addresses that contain the company’s name. For example, instead of amazon.com, they will use a link like it-service-amazon.com. Another example: instead of microsoft.com, it may be something like microsoft–customer-support.com. Seeing extra dashes in a supposedly official website address should make you suspicious that the links are not legitimate.
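The sender check from item 3 and the link checks from item 6 can also be automated. The script below is an added example, not part of the original post: the OFFICIAL brand list is an assumption you would replace with your own, and SAMPLE is a constructed message. It flags a sender name that claims a brand while the address belongs to another domain, links whose domain merely contains the brand name, and links whose visible text shows one site while the real destination is another.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: brands you deal with, mapped to their official domains.
OFFICIAL = {"amazon": "amazon.com", "microsoft": "microsoft.com"}
# Constructed sample message for illustration, not a real email.
SAMPLE = """From: Amazon Support <billing@it-service-amazon.com>

<p>Dear Sir, <a href="http://it-service-amazon.com/signin">https://www.amazon.com/account</a></p>
<p>More: <a href="https://www.amazon.com/help">help pages</a></p>
"""

class LinkParser(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, domain):
    """True only for the official domain or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw):
    """Return (kind, detail) findings for the sender and link checks."""
    msg, findings, parser = message_from_string(raw), [], LinkParser()
    name, addr = parseaddr(msg.get("From", ""))
    parser.feed(msg.get_payload())
    hosts = [(urlparse(h).hostname or "", t) for h, t in parser.links]
    for brand, domain in OFFICIAL.items():
        if brand in name.lower() and not belongs_to(addr.rpartition("@")[2], domain):
            findings.append(("sender", addr))  # name claims a brand, address is elsewhere
        findings += [("lookalike", h) for h, _ in hosts
                     if brand in h and not belongs_to(h, domain)]
    for host, text in hosts:
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != host:  # visible text shows a different site than the link
            findings.append(("mismatch", f"{shown} -> {host}"))
    return findings
```

Matching on the end of the host name (".amazon.com") rather than searching for the brand anywhere in it is what separates a real subdomain from a lookalike such as it-service-amazon.com.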
Get help with online security & avoid online scams!
Even though the above is a list of good indicators, sometimes it is difficult to tell if an email is a scam. You may not always be able to tell when it comes to scams, which is why it’s important to make sure both you and your business are equipped to handle these online security risks.
If you need help making sure your business is secure or training your employees in best security practices, TecKnowCare can help.