How Your Business Can Spot a Phishing Scam
One notable phishing incident that occurred in 2017 was the WannaCry malware attack, which affected businesses with poor cybersecurity infrastructure. The worm exploited a weakness in Microsoft’s operating system, infecting computers and demanding ransom payments to regain access.
While it seems like only large businesses are phished, most cyber criminals actually target small and mid-sized businesses. A Nationwide survey found that one in five small businesses have been victims of a phishing scam. Furthermore, SmallBizTrends reported 60 percent of small businesses that are hacked go out of business within six months following the attack.
To avoid experiencing cybercrime at your business, you need to follow best practices. In this post, we’ll review numerous ways that you can spot a phishing scam and avoid it.
What is Phishing?
Phishing is a form of computer hacking conducted by email with the intent of deceiving users into providing their personal information. The information you provide can then be leveraged to gain access to your bank account, personal data, and customers’ records. Most phishing scams involve sending email attachments infected with malware, or directing you through a link to a malicious page that attempts to collect personal info.
Phishing is one of the easiest cyber-attacks for cyber criminals to carry out. Even when people are aware of phishing, they may fall for the bait out of curiosity. In fact, researchers from the University of Erlangen-Nuremberg found that 56 percent of people click on links from unknown senders, and 78 percent of them said they knew the risks.
5 Tips to Spot Phishing Scams
To prevent your business from becoming a victim of a cyber-attack, it’s important for everyone in your organization to be educated on how to spot a phishing scam. Here are some of the easiest ways:
1. Check the Sender
Phishing emails typically imitate an established brand using a spoofed email address. Before opening an email, you should check the domain of the email address to see if it’s coming from a real company (e.g., apple.com) or a similar but different email domain (e.g., apple-account-warning.com).
2. Check for Errors
Phishing scams employ tactics that users can easily miss, such as using a capital I instead of a lower-case l in an email domain. Malicious emails are also often impersonal, which is a red flag since companies will usually address you by name when asking for account updates or information. In addition, you should scan the email for typographical errors and for incorrect copyright dates or locations.
3. Check the Language
The most common aspects of a phishing email include scare tactics and urgency. Messaging usually revolves around getting you to take an action immediately to avoid fees or having your account suspended.
4. Check the Link
A good trick is to move your mouse over the email link to read the website domain and check to see if it’s legitimate. Phishing links are often hidden behind shortening services like bit.ly or are made to resemble a real website (e.g., salesforce.com vs. saleforce.com).
5. Check the Page
If you accidentally clicked the link, you’ll often be taken to a fake landing page. Like the email content, you’ll want to check the page for errors in the website address but also look for things like missing website navigation, broken links, and inconsistent branding.
Needless to say, it’s important that your employees don’t click any links or download files in emails that look suspicious or were sent from an unknown sender. This should be at the core of any cybersecurity training, and employees should learn to identify red flags.
These tips aren’t completely foolproof. As a business owner, you’ll often get an email message from someone claiming to have connected with you in the past or from an individual asking you to confirm some information. It’s important to apply the above tips to any email that “feels off” in any way. As with all cybersecurity, it’s important for businesses to be on the safe side. Phishing attacks may seem scary, but they’re avoidable by following good email and web safety practices.
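Tips 1, 2 and 4 can be partly automated on the mail you receive. The following Python example is added here and is not part of the original article; the trusted-domain list, the shortener list, the look-alike character map, the 0.9 similarity threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: domains the business really deals with, and known shorteners.
TRUSTED = ["apple.com", "salesforce.com"]
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Tip 2: characters that pass for another letter at a glance (capital I for lower-case l).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def check_domain(domain):
    """Return a warning for a suspicious domain, or None when nothing stands out."""
    lower = domain.lower()
    if any(lower == t or lower.endswith("." + t) for t in TRUSTED):
        return None
    if lower in SHORTENERS:
        return "link shortener hides the real destination"
    folded = domain.translate(CONFUSABLE).lower()
    registered = ".".join(lower.split(".")[-2:])  # naive: ignores suffixes like co.uk
    for t in TRUSTED:
        if folded == t or folded.endswith("." + t):
            return f"look-alike characters imitating {t}"
        if SequenceMatcher(None, registered, t).ratio() >= 0.9:
            return f"near-miss spelling of {t}"
        if t.split(".")[0] in lower:
            return f"uses the brand name but is not {t}"
    return None

def scan_email(raw):
    """Check the From: domain (tip 1) and every link in the body (tip 4)."""
    msg = message_from_string(raw)
    found = [("sender", parseaddr(msg.get("From", ""))[1].rpartition("@")[2])]
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).netloc.rpartition("@")[2].partition(":")[0]
        found.append(("link", host))
    return [(where, d, w) for where, d in found if (w := check_domain(d))]

# Constructed sample message for illustration, not a real email.
SAMPLE = """From: Apple Support <security@appIe.com>

Verify: http://apple-account-warning.com/login https://bit.ly/example
Reset: https://www.saleforce.com/reset or https://www.apple.com/
"""

if __name__ == "__main__":
    for finding in scan_email(SAMPLE):
        print(finding)
```

A domain that passes these checks is not proven safe; the script only surfaces the patterns described in the tips so a person can look more closely.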
Can your business prepare to debunk a phishing email? Put your knowledge to the test and see if your employees can spot all the phishing hooks with this infographic from Varonis.