Are you a victim of phishing, or are you worried you might become one? In a world with increased dependence on technology, identity theft is on the rise and phishing emails have become a common method to extract that personal information that you hold so dear.
Why Phishing Emails Work
Phishing scams operate based on fear and lack of knowledge. The victim sees a worrisome email in his inbox, finds out that one of his accounts “has been locked” or “hacked” or that “a warranty has expired” and wants to remove this threat, unknowingly walking into an actual threat by inputting personal information.
At SpectrumVoIP, we’ve become quite adept at recognizing phishing emails when they arise, and we want to pass some tips on to you to alleviate that fear. We want you to have confidence in how to respond when you think you might have received a phishing email. Check out the tips below and arm yourself with knowledge!
The SpectrumVoIP No-Phishing Checklist
1. Display names are not always trustworthy.
Before you open an email, you’ll see a display name that indicates who your email is from. Be wary of trusting this title just because you recognize the name or company name. With what seems like hundreds of free email services, it is easy for just about anyone to make a display name that mimics a trusted company or person. If you suspect phishing, confirm the true sender by contacting them by a different avenue like by text message or phone call.
2. Look but don’t click!
If you’ve already opened the email but you’re concerned that it may not be legit, trust your instinct. Hover or mouse over parts of the email, but do not click on anything. You may notice that the alt text looks strange or that it doesn’t match what the link description says. If so, these are signs of an illegitimate source. Report the email and move on.
3. Check for spelling or usage errors.
Spelling errors or usage errors are a huge red flag. Keep your guard up by scanning the text or taglines of the email for typos and grammatical issues. You may even find clumsy wording or missing words common to those whose native language isn’t English. Think about it this way: companies with their credibility on the line aren’t going to send out an email with errors. If you see them, you’re likely being phished and you should report it.
4. Be wary of attachments.
Don’t be tempted to open attachments from any email address that you’re not familiar with. Scammers are good at knowing how to create intrigue. Sometimes, they’ll give just enough information in the attachment’s title that you can’t resist knowing more. They’re also known for making imitation icons for famous companies and their logos, thinking that you’ll see a company name that you trust and click on that attachment before you have a chance to think it through. The bottom line? Don’t ever open that attachment. A good rule of thumb: figure out if the sender is legitimate before you interact with an email in any way.
5. Beware of urgency.
Scammers prey on your fear when they set up a false scenario needing your immediate help. Their hope? That you’ll offer up your personal information or your money before you find out their agenda. Phishers might impersonate a family member or friend in desperate need for help (in the form of money, of course) and claim that only you can help. Of course, they’ll tell you they’re on a time crunch and that you only have a few minutes or hours to help them. Or you might receive a warning about some kind of sensitive financial information: “your bank account has been compromised” or “your last payment did not go through.” A supposed urgent crisis pulls victims in before the fear subsides, making it a very effective scam indeed.
A word of caution: when you receive a monetary request of any kind, be sure to ask yourself if the person in question would reach out through email for such a request. Then, if you’re unsure if it’s legit, check with the “sender” through another medium before replying to that email.
6. Don’t believe everything you see. (Commercial about the Internet)
As a general rule, it’s a good idea to remain skeptical about what you see and read. Stay vigilant any time you’re checking your emails, and always be hesitant to communicate anything personal or financial through email. If anything about what you’re reading feels “off,” report it to your I.T. manager.
7. Consider the salutation.
How an email addresses you says a lot about the credibility of the sender. Does the email in question say “Dear Valued Customer” or “Dear {Insert Title Here}”? If so, it reveals that your scammer has gotten lazy and sent out potentially thousands of emails hoping to get a catch. The good news is that this red flag stands out, making their chances of scamming an informed individual very low. By all means, avoid these general or vague salutations whenever they arise.
8. Check the email signature.
If the email signature at the bottom of the message is vague or missing, this could be a sign of phishing. Typically, a legitimate sender, whether an individual or a business, will include a full signature block at the bottom of their emails. This is their way of telling you that they can be trusted and that you have a way to contact them if you have questions or concerns.
9. Check to see if the email requests personal info.
And last but certainly not least, when a sender requests personal or financial info, your alarm bells should always go off. Legitimate companies know the risks of sending private information through the web, so they don’t want to put their clients or customers in that position. To be safe, no matter who asks for it, never provide personal or financial information through email. Make a call or request a secure avenue to do so instead of putting yourself at risk.
The Bottom Line
Scammers are successful because they prey on fear and lack of knowledge on the part of the receiver. Now that you have the most common signs of phishing in your arsenal, you can feel more confident that you know how to respond when these scam emails inevitably turn up. And, as always, you can lean on the team at SpectrumVoIP to bring you information that will keep you safe so that you can get back to running your business.
If you’re interested in more information on this topic and how to avoid getting scammed by one of these emails or would like to know what phishing, spoofing, social engineering, etc. is all about, the following links contain further reading on the matter.
https://www.phishing.org/what-is-phishing
https://www.us-cert.gov/report-phishing
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams