A single click in an email can be the difference between maintaining data security and suffering massive financial losses. From the moment just one employee or member of your household takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.
Quickly spot the red flags and put phishing emails where they belong:
1. Poor spelling and grammar
While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through multiple review stages where errors are blitzed and language is refined. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is likely fraudulent.
2. An offer that is too good to be true or is a request for money from someone you know.
Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch? There’s definitely cause for concern. Take care not to get carried away and click without investigating deeper. When in doubt, call your friend who has just sent you a request for money. Phishing scams attempt to play at your heart strings, and it only takes a few minutes to call your friend or associate to verify it is a legitimate request.
3. Random sender who knows too much
Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed especially for your business. Culprits take details from your public channels, such as a recent function or award, and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out. We've seen examples of these types of attacks where it appears someone is trying to share a file with you, via Google Drive or Sharepoint, and the link hidden in the image will actually take you to an external site that can possibly take over your computer. When in doubt, speak with the requestor beforehand.
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]
Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the junk bin, or flag it as malicious if you use Office 365.
5. It asks for personal, financial or business details
Alarm bells should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available. Keeping your security up-to-date is the best first step in securing your data. When offered by your bank or other institution, always use two-form factor authentication which combines a password with an SMS text code that is unique to that session.
Give us a call at 612-400-5994 to discuss how we can secure your system against costly phishing attacks and prevent you from a data breach and financial loss.