Phishing Email Scam: Don't Fall Victim to Cybercrime!
In a previous article, I wrote about a phishing email scam where a cyber-attacker attempted to steal money from my company. Through a fraudulent email, my comptroller received what appeared to be a request from me to transfer $10,000 to a Bank of America account. Luckily, she had a funny feeling after she did the transaction, so she contacted me immediately to verify and reversed the transaction before it was too late.
The reason I share this openly is that if it can happen to me, it can happen to you.
One in three computer users has fallen victim to phishing scams, and nearly 50% of global cyberattacks were on small companies with fewer than 250 employees. Hackers are attacking more and more small businesses because they know they often lack the resources and defenses. Even if you think your business is cyber-savvy, you must always keep your guard up for any phishing email scams.
How to spot a phishing email?
A phishing email is a bogus email that is carefully designed to look like a legitimate request (or attached file) from a site you trust. Its goal is to get you to willingly give up your login information to a website or to click and download a virus.
Often, these emails look 100% legitimate and show up in the form of a PDF (scanned document) or a UPS or FedEx tracking number, bank letter, Facebook alert, bank notification, or another authoritative voice. That's what makes these so dangerous – they LOOK exactly like a legitimate email. So, how can you tell a phishing email from a legitimate one?
Here are some clues to help you spot "phishy" emails:
First, hover over the URL in the e-mail (but DON'T CLICK!) to see the ACTUAL website you'll be directed to. If there's a mismatch or suspicious URL, delete the email immediately. In fact, it's a good practice to go to the site directly (by typing its address into your browser) rather than clicking on the link. Another clue is poor grammar and spelling errors.
Another warning sign is an email asking you to "verify" or "validate" your login or asking for personal information. For example, a fraudulent email posing as your bank or other financial institution might say: “Our records show your account information is out of date. Please click on the following link to confirm your information.” What! Why would your bank send you an email to verify your account number? They should already have that information.
And finally, if the offer seems too good to be true, it probably is!
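The link-mismatch and "verify your information" clues can also be checked automatically when screening HTML mail. The Python below is an added example, not part of the original article; the message and both domains are constructed, and treating a subdomain as a match is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

LURE_WORDS = re.compile(r"\b(verify|validate|confirm)\b", re.I)  # wording the article flags

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname if the visible text itself looks like a URL or domain, else None."""
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I):
        return None
    return urlsplit(text if re.match(r"https?://", text, re.I) else "//" + text).hostname.lower()

def same_site(shown, actual):
    # Assumption: equal hosts or a subdomain count as a match (no public-suffix list).
    shown, actual = shown.removeprefix("www."), actual.removeprefix("www.")
    return actual == shown or actual.endswith("." + shown)

def review(html_body):
    """Return findings for the link-mismatch and 'verify your details' clues."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        actual, shown = (urlsplit(href).hostname or "").lower(), host_of(text)
        if shown and actual and not same_site(shown, actual):
            findings.append(f"link shows {shown} but goes to {actual}")
    if LURE_WORDS.search(re.sub(r"<[^>]+>", " ", html_body)):
        findings.append("asks the reader to verify, validate or confirm details")
    return findings

# Constructed sample message; both domains are made up for illustration.
SAMPLE = ('<p>Please click on the following link to confirm your information.</p>'
          '<a href="http://accounts.bank-update.example/login">www.examplebank.test</a>')
```

Calling `review(SAMPLE)` reports both clues; a message whose link text and destination agree, and which contains none of the flagged words, returns an empty list.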
In my 30 years, I’ve seen so many cases where employees are just clicking through emails and causing major damage to the business. Safeguard your business with a robust security team. That’s where a trusted IT service provider can help you provide educational training for your staff and help you build in some checks and balances to protect your company. For some extra reading, check out these resources:
- How to Identify Phishing Scam Emails - A Real-Life Story on a Recent Attack
- FBI warning regarding Business Email Compromise (BEC) scams