phish·ing /ˈfiSHiNG/ noun
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.“an email that is likely a phishing scam”
You may have heard of fake emails from a ‘Nigerian Prince’ that has been used to scam people for decades, but what about the new ‘Social Media Friend Request’ scam? Phishing is not a new concept, but as technology continues to advance, scammers become smarter. Since the dawn of email, people have been using it as a catalyst to steal information and money from unsuspecting victims. Today, the average cost of an email phishing attack for a mid-size company is around $1.6 million. Don’t get hooked— here are some AIS IT trusted tips on how to protect your business from the ever-evolving world of email phishing.
Question Unknown Senders
This one may be obvious, but you should always be skeptical of emails sent by someone you don’t know. If you are receiving emails from an unknown source, it is best to proceed with caution.
Unexpected emails with generic subject lines or vague information can potentially be malicious and should be approached with caution.
Watch Where You Click
You probably get emails containing links and attachments all the time. But if you don’t know the sender, the email could include malicious attachments, PDFs or links that could potentially hack your email or collect your personal information.
Trust No One
Even emails that look like they come from trusted contacts could be compromised by scammers. If you think something looks off, ask yourself a couple of questions before proceeding.
- Is there a signature in the email? Emails without signatures generally mean that person is sending the email is a victim to a man-in-the-middle attack, and that their email is being utilized maliciously.
- Does it sound like this person? After corresponding with someone multiple times, you may pick up on the way they format emails or use the same phrases. If an email uses out of character phrases such as ‘kindly’ instead of the generic ‘please’, or they sign the email in a different way, this could be a phisher.
- Would they normally request this information? If someone is requesting information they wouldn’t normally in an email or you haven’t previously spoken in detail about this request before, it may be a scam.
- Is their information correct? Double-check the email attached to the name. Often times the name may be that of the co-worker but the email is slightly different or from a generic email such as Yahoo or Gmail.
Ask For Help
Having issues with people outside your organization spoofing your email address and emailing co-workers? IT can add Transport rules and append messages to e-mails at the O365/Exchange level to note that the email comes from outside your organization and to proceed with caution.
Even if you’re cautious, phishers can still steal your information and cost you money. It is important to stay up to date on ways to protect yourself and your company. Besides knowing the signs, the best way to stay protected from scammers is to utilize managed IT services like ones offered from AIS. We can help your company stay informed and protected from phishers, contact us today!