With scammers now weaving COVID-19 into their cons, now seemed like a good time for a refresher on how to spot phishing emails.
According to Wikipedia, phishing is “the fraudulent attempt to obtain sensitive information such as usernames, passwords, or credit card details by disguising oneself as a trustworthy entity in an electronic communication”.
To put it another way, phishing is when a scammer send you an email pretending to be a bank, retailer, or gov’t agency and tries to trick you into giving them money or info like a credit card number. They might also want you to click a link so they can hack your computer.
Scammers have adapted to the current crisis and are sending emails and IMs that claim the recipient owes fines for violating quarantine. The scammers are sending the emails en masse because they know someone is going to fall for it (and they are probably right).
Here are the red flags to look for so you don’t fall victim, and can instead put phishing emails where they belong.
1. Poor spelling and grammar
While occasional typos happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through multiple review stages where errors are blitzed and language is refined. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is likely fraudulent.
2. An offer too good to be true
Free items or a lottery win sure sound great, but when the offer comes out of nowhere and with no catch? There’s definitely cause for concern. Take care not to get carried away and click without investigating deeper.
3. Random sender who knows too much
Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed especially for your business. Culprits take details from your public channels, such as a recent function or award, and then use it against you. The only clues? The sender is unknown – they weren’t at the event or involved in any way. Take a moment to see if their story checks out.
4. The URL or email address is not quite right
One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]
Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.
5. It asks for personal, financial or business details
Alarm bells should ring when a message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can initiate a check using established, trusted channels.
While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind that your business has the best protection available.
A single click can be the difference between maintaining data security and suffering massive financial losses, so it never hurts to be cautious.
If you get a suspect email, try to confirm its legitimacy through another source. Sometimes even posting a question on Facebook about the email, or doing a simple Google search, can save you from a terrible mistake.