Phishing Emails

Phishing attacks occur now more than ever before. Between 2010 and 2014, phishing attacks increased by more than 162%. Phishing scams cost organizations roughly $4.5 billion every year. In fact, over half of internet users gets at least one spoof email a day!

What are phishing or “spoof” emails?

Phishing emails are fraudulent email messages that appear to be from a legitimate source. These emails direct you to a “spoofed” web page where you can enter your private information. Phishing scams are a way to create panic in the receiver; they attempt trick recipients to respond quickly, and divulge things like passwords, credit cards, and more.

Here are 10 tips on how to identify a phishing scam or spoofed email. If you want to avoid other people becoming a victim, share these tips with your company’s employees!

 
Tip 1: Don’t Trust the Display Name

A common phishing tactic that cyber criminals use is to spoof an email’s display name. You can’t always trust the display name of your email. Always be sure to check the email address. If the email address looks the least bit suspicious, don’t open it. Office 365 has some neat features that allows you to flag suspicious emails with a banner along the top of the email. Emails are like “post cards” from hackers. They can put any “return address” they want and mail it directly to you. This creates a false sense of security in hopes you’ll open that letter.

 
Tip 2: You Can Look, But Don’t Touch

You can open the email to check it out, but don’t click on anything. Instead, hover your mouse over any website links in the email’s text. If the link address looks weird, don’t click on it. Usually, UPS or FedEx emails are spoofed the most for “undelivered items” and “Click Here To Track It”. Never click the link. Rather than clicking it, type the website address in a new window and paste your tracking number in there. If nothing populates, it’s a fake.

 
Tip 3: Check for Spelling Mistakes

Emails from a legitimate business or source will look flawless. Read your email very carefully. Pay attention to any spelling mistakes or bad grammar in not only the body of the email but also in the sender’s name. Chances are that if the email has errors and seems suspicious, it’s a phishing or spoof email.

 
Tip 4: Examine the Salutation

How does the email address you? If the email addresses you with something like “Valued Customer” then be careful. Legitimate businesses typically use a personal salutation with your first and last name.

 
Tip 5: Don’t Give Out Personal or Financial Information

Most companies and banks, never ask for personal credentials in an email. Even if your email seems to be legitimate, don’t give your information out. Always call your bank or credit card company directly from the customer service number on your bill or card. Don’t send or receive wire transfers via email. Always perform financial transactions over the phone, especially if they are for large amounts. The same thing goes for passwords or login information. We highly recommend using encrypted emails for all sensitive information (another great feature of our Office 365 service).

 
Tip 6: Beware of the Subject Line

Is there urgent or threatening language in the email’s subject line? Creating a sense of fear, panic, or urgency is a common phishing tactic. If your subject line says something like “account has been suspended” or your account had an “unauthorized login attempt,” be very cautious. These are usually scams that feed off fear.

 
Tip 7: Check the Signature

Legitimate businesses always provide contact information at the bottom of the email. If you notice that there is little to no information about the email signer, this suggests that it is a phishing scam.

 
Tip 8: Don’t Click on Attachments

Phishing emails will often include malicious attachments that contain viruses or malware. Malware can damage files on your computer, steal your passwords, and spy on you, all without your knowledge.

 
Tip 9: Don’t Trust the Header From Email Address

Not only do cyber criminals spoof brands in the display name, but they also spoof brands in the header from email address. Nearly 30% of more than 760,000 email threats spoofed brands somewhere in the header from email address, with more than two thirds spoofing the brand in the email domain alone.

 
Tip 10: Don’t Believe Everything You See

Phishers are professionals. They know what they’re doing, and they’re good at it. Even if the email has brand logos, good language, and a valid looking email address, it doesn’t mean that it’s legitimate. When it comes to your emails, be skeptical. If the email looks the slightest bit suspicious, don’t open it. Always check the email address it was sent from, not just the display name.

We recommend Office 365 for all businesses. It is what almost every Fortune 500 company uses and has one of the highest spam, spoof, and phishing detection & protection safeguards out there. If you have any questions about emails or Office 365, give us a call!