What is Phishing?
“Good things come to those who bait.” This is true for fishing and, unfortunately, for phishing too. Phishing uses email as bait, with messages that appear to be from legitimate companies or from people you know.
These emails often appeal to human emotions such as:
- Fear—an email from your “bank” saying your account has been compromised.
- Sympathy—help the victims of the recent fires.
- Curiosity—a new government program for college tuition.
Or the emails can pose as information you need:
- You missed a package from FedEx
- You missed paying a bill from your Utility Company
- The IRS needs additional information before processing your refund
What all phishing emails have in common is a link or attachment they want you to click on.
Why Are Phishing Emails Dangerous?
Clicking on a link can take you to a fake website that requests personal information like a credit card, bank account or social security number that the scammer can exploit. Clicking on links and attachments can install malicious software on your computer that can then access login credentials to your personal and business accounts.
Criminals are using phishing emails daily at astounding rates. According to Propeller CRM, 45% of emails are spam and 73% of spam emails are phishing scams. It is also stated that “the average cost of a phishing attack for mid-sized businesses is $1.6 million,” which can wipe a business out in one click. For business owners, proper training on phishing emails is crucial to the longevity of your company.
How Can You Spot a Phishing Email?
Often, the emails look legitimate and link to near-identical websites. And if phishing itself wasn’t scary enough, there is an even more specific form of email attack called “spear-phishing.” Criminals who use spear-phishing take a more targeted and narrow approach. They research the individuals they go after, which can result in more personalized and legitimate-looking emails.
But fear not, there are usually a few ways to spot a scam.
- Check the email address of the sender. An email address that is unrelated to the business that supposedly sent the email is a quick giveaway.
- Check the email address for the intended recipient to see if it matches yours. Pay close attention to the name within the email in the greeting. “Dear customer” is not your name.
- Check the website addresses by placing your cursor over any links provided in the email. As with the sender’s email address, the link will have a name that differs from the business the email is allegedly from.
- Carefully read the text of the email. Phishing emails may contain grammatical errors. Another clue would be an email requesting your password because of failed login attempts even though you weren’t trying to log into your account.
- If it seems too good to be true, it probably is. Criminals frequently try to gather personal information with fake sweepstakes and giveaways. Did you even enter a contest?
If you are ever in doubt, play it safe and delete the email or consult IT support for help.
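The checks in the list above can also be applied mechanically. The following is an added example, not part of the original article: the function and class names, the business domain `bank.example`, and the addresses are assumptions, and the message is assumed to be single-part HTML.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added illustration: constructed message, hypothetical names, reserved TLDs.
SAMPLE = """\
From: "Bank Example Support" <alerts@bank.example.account-alerts.test>
To: undisclosed@mail.test
Subject: Your account has been compromised
Content-Type: text/html

<p>Dear customer, we detected failed login attempts. Confirm your password at
<a href="http://bank.example.account-alerts.test/login">https://bank.example/login</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, which is what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    # Exact match or a true subdomain; a lookalike prefix must not pass.
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, business_domain, my_address):
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not belongs_to(sender.rpartition("@")[2], business_domain):
        found.append("sender address unrelated to business")
    if parseaddr(msg.get("To", ""))[1].lower() != my_address.lower():
        found.append("recipient address is not yours")
    if re.search(r"\bdear (customer|user|member)\b", body, re.I):
        found.append("generic greeting")
    links = LinkCollector()
    links.feed(body)
    hosts = [urlparse(h).hostname for h in links.hrefs]
    if any(h and not belongs_to(h, business_domain) for h in hosts):
        found.append("link points away from business")
    if re.search(r"\bpassword\b", body, re.I):
        found.append("mentions your password")
    return found
```

Note that the link text in the sample shows the real business address while the `href` points elsewhere, which is why the check reads the `href` rather than the visible text.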
What If You Think You Are a Phishing Victim?
If you think you or your business might be a victim of a phishing scam, change your passwords immediately and alert your IT department. You can also confirm an email by contacting the business it appears to be from.
Learn More—Take a Quiz!
It is important to be aware of scams to protect yourself, but it’s equally important to train your employees on phishing emails to protect your business. As a starting point, Jigsaw and Google teamed up to make a quiz to test your ability to spot a scam and help learn safe email practices. It’s trickier than you think!
How Can Adept Solutions Help?
Adept Solutions can provide web tools to help filter out spam emails and websites before they reach you and your employees. We also provide user training on cybersecurity best practices, including email phishing.