Did you know that more than half of all emails that land in our inboxes are spam? As if that’s not enough, almost half of all spam emails contain malicious attachments or links. The most common of these threats come in the form of phishing scams, which are designed to dupe unwitting victims into giving up confidential information.
Phishing is a type of social engineering scam that can be enormously effective, even though it generally doesn’t rely on the attacker having great technical expertise. While email is the most common delivery channel for such threats, they may also appear on social media, compromised websites, over the phone, or even by SMS.
Since phishing scams involve persuading victims to do what the attacker wants, relying on technology alone isn’t enough. While many scams are indeed obvious and should be picked up by spam filters, there are many others that aren’t. Such scams are called ‘spear phishing’ attacks, and they target specific users and exhibit personal knowledge of the would-be victim. Spear phishing attackers could masquerade as a colleague or business partner who already knows your name and other information about you in the hope of building trust.
So how do you protect your small business, your employees, and your customers from one of the most pervasive threats of all? Let’s look at some of the ways to stay safe:
Be Careful Who You Trust
Many employees assume that an email from a known sender is legitimate, and that’s exactly what phishing scammers rely on. It doesn’t take much to spoof an email address and impersonate a sender, so you should always take extra steps to validate any request for confidential information. You have to keep in mind that no legitimate organisation or security-savvy individual will ever ask for things like login or payment information over email. If they do, then you can be sure it’s a scam.
Other phishing scams attempt to get victims to click on a malicious link or download a malicious attachment. That’s why you should always verify the sender of the email before taking further action. You shouldn’t just reply to the email either – instead, find a way to verify their identity and confirm what they sent you. Even if the email doesn’t contain a link or an attachment, you should avoid replying to anything that looks remotely suspicious, since doing so will only provide the attacker with more information they can use in a targeted scam.
Common Characteristics to Look Out For
Some phishing emails are easy to detect, but others are much more effective. What they all have in common is their attempt to look ‘official.’ These are some common signs to look out for:
- Poor spelling and grammar
- Emails with deceptive subject lines meant to create a sense of urgency, such as those alerting you to an urgent update
- Messages that feature generic salutations, such as ‘Dear Sir’ or ‘Dear customer’
- Phony links that come in the form of images or may be masked using HTML anchor text (always verify the link by mousing over it)
- Attachments with a suspicious executable file, compressed archive, or unfamiliar filetype
- Any request for personal, payment, or login information is almost certain to be a scam, since no legitimate company will ever ask for such information by email
- Phishing websites, which may be linked to spam emails that look genuine at first glance, but may have a minor spelling error in the address
If something looks suspicious, then it’s best to take extra precautions. Report it immediately to your IT department so the rest of your team won’t fall for the same scam.
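The masked-link and image-link signs from the list above can also be checked automatically. The following Python sketch is an added example, not part of the original article: it flags links whose visible text names a different host than the one the link actually opens, and links that consist only of an image. The sample HTML and the example.* domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A hostname written in the visible link text, e.g. "www.example.com".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def norm(host):
    """Lower-case a hostname and drop a leading 'www.' so equal sites compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Records href, visible text and image use for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "img": False}
        elif tag == "img" and self._cur is not None:
            self._cur["img"] = True
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_links(html_body):
    """Return (href, reason) for links whose real target is hidden from the reader."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for link in collector.links:
        target = norm(urlparse(link["href"]).hostname)
        text = link["text"].strip()
        shown = HOST_RE.search(text)
        if shown and norm(shown.group(1)) != target:
            findings.append((link["href"], f"text shows {norm(shown.group(1))}, link goes to {target}"))
        elif not text and link["img"]:
            findings.append((link["href"], f"image-only link goes to {target}"))
    return findings

# Constructed sample message body (example.* domains are placeholders).
SAMPLE = """<a href="http://login.example.net/verify">https://www.example.com/account</a>
<a href="https://www.example.com/help">www.example.com</a>
<a href="http://tracker.example.org/c"><img src="button.png"></a>
<a href="https://www.example.com/news">Read our newsletter</a>"""
```

Calling `audit_links(SAMPLE)` reports the first and third links; a finding is a prompt to verify the sender, not proof of a scam, since legitimate mail also uses image buttons and tracking redirects.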
Austin Technology provides businesses in Perth the managed endpoint security they need to help guard against phishing scams and other online threats. If you’re ready for that invaluable peace of mind, talk to one of our experts today.