You’ve heard of email scams and hackers who phish for their victims. These attacks are on the rise: the number of phishing attacks has doubled since 2020, and they’re not slowing down. After all, there’s big money to be made in the phishing business. Some attacks yield almost a million dollars for their perpetrators. That’s a pretty strong incentive to figure out the next big hit. The best way to stay off the list of victims is to know what you’re facing and how to respond.
Tell-tale signs of a phishing email
There are several critical ways to identify phishing emails and actions you can take to protect yourself, your team, and your business. The key is for everyone to know what to look for. Phishing emails may include all of the following or a subset.
Threats or an urgent call to action
Phishing emails are designed to get their victims to do something specific. They say they’ll turn off your subscription if you don’t update your bank information, or that they’ll give you a great deal if you just fill out a form that requires your birthdate and social security number. The idea is to motivate the reader to take action quickly and to share information the hacker can use to get more money or information to wreak havoc. It’s as simple as that. In 86% of data breaches, money was the attacker’s motivation, but it’s not the only one.
Sent from an unfamiliar or mismatched address
A phishing email can give itself away through the sender’s address in a few ways. The sender’s address:
- Is from a public domain, such as Gmail or Yahoo, meaning it’s most likely from an individual person and not a business
- Looks like it’s from a familiar company, but the spelling is inaccurate or it says .net when the real company’s website says .com
- Isn’t one you recognize, and neither is the domain or the sender’s name
The email doesn’t address you by name because the sender either doesn’t know it, didn’t take the time to put that information into their scam-builder, or doesn’t care what your name is unless you choose to cooperate and give them what they want.
Sent from a domain that doesn’t match the links in the email
For example, the sender’s email is from a public domain (i.e. the part after @) and the links go to a website you don’t recognize. Use your browser’s hover feature to check the web addresses of any links before you click on them.
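The sender-address and link-domain checks above can be scripted. This is an added example, not part of the original article: it parses a message, flags a public-domain or lookalike sender, and lists link domains that differ from the sender's. The `expected_domain` parameter, the short public-domain list, the two-label domain comparison and the 0.8 similarity threshold are assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com"}  # assumption: short illustrative list

class LinkCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def base_domain(host):
    # Assumption: the last two labels identify the owner (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw, expected_domain=None):
    """Return (check, domain) findings for the sender and link signs."""
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings = []
    if sender in PUBLIC_MAIL_DOMAINS:
        findings.append(("public_sender", sender))
    if expected_domain and sender != expected_domain:  # typo or TLD swap?
        names = sender.split(".")[0], expected_domain.split(".")[0]
        if SequenceMatcher(None, *names).ratio() >= 0.8:
            findings.append(("lookalike_sender", sender))
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # None for mailto: or relative links
        if host and base_domain(host) != sender:
            findings.append(("link_mismatch", base_domain(host)))
    return findings

# Constructed sample message (reserved example domains).
SAMPLE = """From: "Example Billing" <billing@example.net>
Content-Type: text/html; charset=utf-8

<a href="http://login.example-payments.test/update">Update now</a>
<a href="https://www.example.net/help">Help</a>
"""
```

Calling `check_message(SAMPLE, expected_domain="example.com")` reports the `.net` sender as a lookalike and the first link as a mismatch, while the link on the sender's own domain is not flagged.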
Spelling and grammar mistakes
Recognizing spelling and grammar mistakes can also help you spot an email coming from a familiar address that has been hacked. In one real-life example, a published author and writing teacher’s email was hacked so that phishing emails could be sent to her students. The hackers were unsuccessful because the recipients knew she wouldn’t send an email full of typos.
Aside from spelling and grammar, the hacker might not take the time to create an email that sounds professional or fits the brand or purpose. If something seems off, trust your instincts. It could be a phishing email.
What you can do to avoid becoming a phishing victim
Now that the frustrating bits are all out on the table, let’s move on to what you and your team can do to stay safe.
Educate yourself and your team about phishing emails
When everyone knows what to look for, they can make smarter decisions about which emails to open and which to report. Tell them what you want them to do when they see a suspicious email so they’ll know how to respond if they receive one and won’t click on a link that gives a hacker direct access to your network.
Install cybersecurity software
If you don’t already work with a cybersecurity provider, ensure that you’re doing something to protect your digital assets and hardware. Do your research, talk to colleagues, and select a cybersecurity solution that fits your needs.
Use multi-factor authentication
This tool is everywhere nowadays because it works. When you need both your password and your phone to log into something, there’s a much lower risk of a hacker being able to fake your login.
Back up your data somewhere other than on your network
In the awful event that your network is hacked and disrupted, having a backup somewhere outside of your network, such as an external hard drive or cloud server, can mean the difference between disruption and a reliable workaround that gets your team back on track. It could also mean that the hacker doesn’t hold all the cards.
Set mobile devices to update software automatically
One way software and smart device providers combat cybersecurity risks is by updating their software. The sooner these updates are installed on your company’s devices, the sooner they are protected against the most recent threats.
If you have any questions about how to protect your business infrastructure, please email firstname.lastname@example.org.