identify-phishing-emails

Do you know how to identify a fake email?

If you receive an unexpected message, would you know if it was legitimate or a scam? Don't worry, if your answer is no, you are not alone. There are thousands of phishing scams every single day and most email spam filters don't catch these fake emails. You might be asking yourself, Why?

These days, phishing attacks (fake or malicious emails) are sophisticated enough to fool many email security programs. The ones that do get caught are quickly re-engineered and replaced with new emails that, until the spam filters catch up, will make their way into your inbox. Because these hackers make the email look valid, it fools not only the spam filters, antivirus, and security programs but also many unsuspecting recipients.

Today, most phishing scam messages disguise themselves as a legitimate email. They look like a message you may receive from your bank, or an online account such as a file sharing or a social media site. So how do you tell if the information is legit?

5 Ways to spot a phishing email:

  1. Who sent you the message? - If the sender information, sending email, or reply-to field shows an unrelated address, then it is most likely a phishing attempt. Some companies do use third-party software to send mail, but most companies (at least the ones who understand email etiquette) will make sure that their email address headers have the appropriate data that matches their company domain name.
  2. Where do the links in the email send you? - If there are links in the email, such as "click here" or "buy now" or "verify" then hover your mouse over the link (don't click on the link) to see where the link will take you. If the link shows a long, random address that leads to a web page you don't know, then don't click on it. That link could be a tracking link (which will now initiate even more spam and phishing attempts) and if clicked on, it will take you to a spoof site.
  3. How do you identify a spoof site? - If you do accidentally click on the link, it will take you to a website that initially looks like a legitimate site. Instead of "dropbox.com" you may end up at a site such as "dropbox.spoof.com". The layout and look of the site will mimic what you may normally see at the legitimate website, but if you attempt to log in you will be giving your private credentials to the hackers (so you now fall victim to identity theft). The easiest way to spot this is to verify the website address. Even better, google the site you want to visit or simply enter its direct URL rather than clicking on the link in the email.
  4. Are you expecting the email? - Another tactic used frequently by hackers is sending email from another member of the company. If you receive an email from your boss asking you to open an attachment or fill out some form online, you may want to call and ask them if they actually sent the email. If your boss' email was compromised previously, they may have some form of malware on their computer that is sending out emails to all their contacts with emails that will infect the recipients. Simply asking the sender about the email will not only let you know if it is safe, but it may alert the sender to the fact that they are compromised and need to seek assistance from their IT team.
  5. Don't agree to install or execute anything in an attachment. - If you can't talk to the sender to verify the email is legitimate, then at least be sure NEVER to install or execute anything. If the attachment is a .docx file then you may wish to delete the email or at least postpone opening the file until you confirm with the sender. If you cannot confirm and wish to open the file, save the file to your computer and be sure not to install any macros or other additional executable files. Many current malware, virus, and ransomware attacks are propagated through the use of macros associated with a .docx file. In each instance of infection, the user had to click on an additional "pop-up" box that requested permission to install macros or an executable file in addition to opening the attachment. If this happens to you, don't click to give permission.
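Checks 1 to 3 above can also be done mechanically. The following is an added example, not part of the original article: it parses a constructed sample message and flags a Reply-To address and link destinations that do not belong to the domain the email claims to come from. The sample message, the function names and the `mail-verify.example` host are assumptions made for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address and host in it is made up.
SAMPLE = """\
From: Dropbox <no-reply@dropbox.com>
Reply-To: support@mail-verify.example
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p>Please <a href="https://dropbox.spoof.com/login">verify</a> your account
or read <a href="https://www.dropbox.com/help">our help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_of(header_value):
    # "Name <user@host>" -> "host"; empty string if the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def belongs_to(host, domain):
    # True only for the domain itself or a subdomain of it. The owning domain
    # is the right-hand end, so "dropbox.spoof.com" belongs to spoof.com.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    msg = email.message_from_string(raw)
    findings = []
    for name in ("From", "Reply-To"):  # check 1: sender and reply address
        dom = domain_of(msg[name])
        if dom and not belongs_to(dom, expected_domain):
            findings.append(f"{name} domain {dom} is not {expected_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:  # checks 2 and 3: real link destinations
        host = urlsplit(href).hostname
        if not belongs_to(host, expected_domain):
            findings.append(f"link host {host} is not {expected_domain}")
    return findings
```

Calling `check_message(SAMPLE, "dropbox.com")` returns two findings: the Reply-To domain and the `dropbox.spoof.com` link. The From header itself can be forged, so an empty result does not prove a message is legitimate.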

The best solution to identify a phishing email is training from a qualified IT Computer Support Team that tracks and monitors your progress, as well as identifies deficiencies. If you would like to know more about how to identify a phishing email, contact your team at qnectU: 801-572-4000 or learn more at: https://qnectu.com

 

Below is the original article:

According to data collected by Microsoft, phishing emails accounted for 0.62 percent of all inbox receipts in September 2019.

That's up from 0.31 percent just one year prior to that.

The increase is alarming of course, but at first glance, these look like fairly harmless numbers.

Unfortunately, phishing scams targeting business owners (BEC, or Business Email Compromise) cost companies around the world more than a billion dollars last year. That fact makes the year-over-year increase terrifying.

The reason BEC campaigns are so successful and so expensive for businesses is that the scammers tend to impersonate CEOs and other high-ranking corporate officials. When you get a message that by all outward appearances comes from your boss, and it's marked urgent, you tend to respond right away. That's exactly what the scammers are counting on.

Even worse, scammers have gotten increasingly good at crafting their message. It has reached the point that even IT professionals have been taken in by them in some cases. They've been unable to spot the subtle differences between a scammer's email impersonating a CEO and a message from the CEO himself. If an IT professional gets taken in, what hope is there for a busy HR employee or someone from the accounting office who doesn't face those types of threats on a daily basis?

Given the rapid increase in the number of well-crafted phishing emails, this is a serious, legitimate concern. Unfortunately, you can bet that the scammers, bolstered by their own success, will be even more prolific.

If there's a silver lining here it is this: Microsoft reports that taking the simple step of enabling two-factor authentication across the board is an effective countermeasure. Phishing attacks tend to be automated, and 2FA blocks 99.9 percent of automated attacks. If you're not currently using it everywhere, you're putting yourself at unnecessary risk.

Used with permission from Article Aggregator
