Phishing scams are expensive. In fact, on average, they cost SMBs $1.6 million each time.
Playing on a user’s fear, a phishing scam is when a cybercriminal poses as someone else to gain important information from you, such as passwords and credentials.
The most common ways they achieve this is via email or social media, with messages looking as though they have been sent from a trusted source, such as a bank, HMRC or even your boss.
Today, we’ve rounded up a few signs that you’re reading a phishing email.
Something is off with the sender.
Now, as we mentioned before, the sender could be posing as someone you do know or at least someone who is in your company, such as Head of Finance or even the person sitting next to you. This is a really clever way to get you to perform an action and fall for the scam.
However, before you get click-happy, take a moment to think about what they are asking you and if this is the usual way they would contact you. For example, if it’s HMRC or the bank, would they really be emailing you asking you to re-enter your password or download a file?
Check with the supposed sender by giving them a call or opening up a separate email conversation.
Even if the sender seems legit, the email address could be masked. For example, it could say “Paypal”, but when you hover over the email link, the original sender could be firstname.lastname@example.org (maybe not as obvious as that). Anyone who works at PayPal will have a more professional-looking email.
Links in scam emails can work in a similar way. What you think looks like a trusted link, could be masked or redirect to a dodgy site. And, remember, even though the site has the green padlock, it could still be a scam!
Phishers get you by fueling your panic and urgency.
If a senior member of staff – or your bank – is emailing you to click this link and fill out an important form, you’re going to be tempted to get it done as soon as possible for them.
Again, stop and think about what you’re doing and double check with the supposed sender via phone or face-to-face to find out if the document is legitimate.
By bringing it to your boss’ (or bank’s) attention, you can save other people from getting scammed too.
Something doesn’t seem right.
Most cybercriminals aren’t too clever and will frequently misspell words or simply phrase things in an odd way.
If something seems off, such as a misplaced apostrophe or capital, or a low-quality image, don’t act upon the email until you know for sure that it’s genuine.
Phishing scammers are becoming better and better by the day. But, they still seem to miss small, crucial details – so watch out for them.
Remember, scams aren’t always done by email.
More and more criminals are using social media to lure in their prey. LinkedIn has become a hotbed for scammers posing as recruiters or potential clients. So, be sure to check who you’re talking to and what you’re downloading.
What if I’m caught by a phishing scam?
It happens to the best of us, so don’t panic right away.
Take a moment to think.
We recently had a client who received an email from a scammer claiming they had already been hacked. The scammer even quoted one of the client’s passwords from a personal social media account – scary stuff. However, the scammer was claiming to know the password to their work email, which was completely different, so they were probably lying about the hack and relying on knowledge of other accounts.
In this instance, reset your passwords and contact your IT support team to give your peace of mind.
Meanwhile, it goes without saying to have quality malware and antivirus software. This way, if you do download a malicious file, you’re still protected.
If you do need any more advice on phishing scams or think you may have been affected, please get in touch with us now and we’ll be able to help you.