
Avoid Email Phishing: Tried and True Steps to Protect Your Small Business

Email phishing is all too common. This post will help you recognize email phishing and take steps to protect yourself.





What is phishing?


At its most basic level, phishing is fraud. Email phishing is an illegal attempt to get you to send compromising data (think usernames and passwords, SSNs, etc.), click on links, or download malware onto your computer. Ultimately, the goal is for scammers to log into your accounts, gain access to your personal or company information, and steal from you. They may steal your money or your identity, and it happens more than you think.


This infographic from the Federal Trade Commission shows the damage done by scammers in 2023.

Federal Trade Commission's Scams of 2023 Infographic

Bummer, right? But you can protect yourself and your company from scams like this!


How to Spot an Email Phishing Scam

Sense of Urgency

Emails that demand urgent action are attempting to get you to ignore your critical thinking skills and act foolishly.


What to do: Stop and think!

Think: Would this person/company typically rush me like this? Unless it's your boss hounding you about a deadline, the answer is probably no. Treat this like a scam.

Spelling, Grammar, and Formatting Issues

Look for errors in these areas:

  • Spelling: Perhaps the spelling closely matches a brand name but is a bit off, or random words are misspelled in a way that doesn't look like a typical typo

    • e.g., Arnazon instead of Amazon

  • Sentence context: Does it sound like a native English speaker wrote it, or could it be from a translation site? Are words used in the proper contexts?

  • Lack of editing: If the email comes from a company, it should have been copy-edited. If it feels amiss, chances are something is!

  • Formatting: If the email looks unprofessional overall, is off-center, or has logos that seem fuzzy or incorrectly placed, these are all signs that this is a phishing scam.
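If you or your IT partner want to automate the spelling check above, here is one way to do it. This is an added example, not part of the original post or any vendor's product; the brand list, the letter swaps, and the verdict names are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption: brands this business deals with and their genuine domains.
BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com", "microsoft": "microsoft.com"}
# Character swaps commonly used to imitate another letter ("rn" reads as "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(label):
    """Collapse look-alike sequences so 'arnazon' compares equal to 'amazon'."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, brand) for the value of a From: header."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower()
    for brand, real in BRANDS.items():
        if domain == real or domain.endswith("." + real):
            return ("genuine-domain", brand)
    for label in domain.split("."):
        for brand in BRANDS:
            # Brand name hidden behind a swap, or one typo away from it.
            if brand in skeleton(label) or edit_distance(label, brand) == 1:
                return ("lookalike", brand)
    for brand in BRANDS:
        # Display name claims a brand the sending domain has no relation to.
        if brand in name.lower():
            return ("display-name-mismatch", brand)
    return ("no-brand-match", None)

if __name__ == "__main__":
    # Constructed sample From: headers (not taken from real mail).
    for sample in ('"Amazon Billing" <no-reply@arnazon.example>',
                   '"Microsoft Account" <alerts@account-security.example>'):
        print(check_sender(sample), sample)
```

A `genuine-domain` verdict only means the domain is spelled correctly, not that the message is authentic. List every genuine domain a brand uses (regional ones included) or they will be flagged as lookalikes.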

Generic or Unfamiliar Greeting

Inconsistencies in Email, Domain Name, and/or Link

Suspicious Attachments

Requests for Login Information, Payment Updates, or Other Sensitive Data

It Seems Too Good to be True



 

So, how do you protect yourself and your company from phishing scams?

  • Train and retrain your employees

    • Your company is only as strong as your most vulnerable employee, so use the software and multi-factor authentication, and make sure you continue to talk about phishing scams and how to recognize them. In fact, maybe send them this blog post!

  • Enable Multi-Factor Authentication

    • Most major email hosting providers should offer multi-factor authentication. This is the easiest and most practical way to keep unauthorized persons out of your mailbox.

  • Let the software help! These are a couple of HDH Consulting's favorite partners:

    • Proofpoint is a cloud mail filter that intercepts messages between mail servers and the client-side mailbox (like a person filtering your mail in the post office)

    • IRONSCALES is an email security platform that scans data to look for threats


At HDH Consulting, we are always here to discuss your email security and see how we can help. Let us be your partner in IT management!
