There are some very convincing email phishing attacks out there. We’ve talked about several of them – the one that pretended to be a cybersecurity training update, the one that uses a real Microsoft login prompt, and one that uses Google Forms to copy your bank login page are just a few of the best ones currently in use.
They can be easy to fall for – but if you know what to look for, you can dodge most of these attacks with less than a minute of work. Here are four questions to ask.
1) Who is it from?
Sure, it has your co-worker’s name in the To: line. But look a little closer. Is that the email address your co-worker normally uses to email you? If not, it’s probably a scam.
Unfortunately, it can still be a scam even if it does have their real email address; someone could have gotten access to their email account. To be sure it’s real, it’s best to keep going down this list.
2) What does it ask you to do?
If the email asks you to click on a link, hover your mouse over it for a second (Don’t Click!). Does that web address look familiar? If it’s exactly what you were expecting to see, that’s a good sign. If not, clicking that link is probably the next step towards getting your PC infected with malware.
If it asks you to text someone, do you recognize the number? If you’ve never contacted the person using that number before, then you have no idea whose number it really is. Check a source you trust to see if it’s really the sender’s number. Alternatively, contact the sender some other way you know is legitimate, like an alternate phone number or a via a new email chain.
If it’s an unexpected attachment, call the sender before opening it. There’s a good chance it’s malware.
3) Does it involve money or data?
Hackers are after two things: your money or your data (which they can turn into money via extortion). If the sender is requesting money or data, and you weren’t expecting the request, give them a call and confirm that they sent the request. If you know their voice, that’s hard to fake.
If the request involves wiring money or any other sort of financial data, always confirm the request via voice-based interaction (phone, video chat or in-person). It’s amazing what hackers and social engineers can do to get in the middle of a financial transaction and re-direct the money to themselves.
4) Is it written poorly?
Take a look at the grammar and spelling. Typos don’t necessarily mean it’s a phishing email – the other person may be using a smartphone to send the email. But if there are obvious grammar errors, that’s a red flag. Some phishing emails are written impeccably, but fortunately, English is not the first language of most cybercriminals.
To learn how WingSwept can help keep your business safe from cybersecurity threats, call us at 919-460-7011 or visit https://www.wingswept.com/managed-services/cyber-security/.