What is a phishing (or spoof) email?
A phishing or spoof email is an email that is falsely disguised as coming from a person or entity you know. Often the email will urge you to take action by clicking a link or opening an attachment. Once the user takes that action, the bad guys will have access to the individual's account (see example below).
Example: Jane from your HR department sends you an email needing your bank information for direct deposit as your employer is changing their HR software. There is urgency because payday is 5 days away. You create a new account and enter your checking account with routing information for direct deposit.
It turns out that this email was a complete phishing email and now bad guys have your bank information to steal money. How could you have prevented this? The email was from Jane at work!
Components of a phishing email
Although the email, links and attachments may have appeared to come from Jane at work, you have to look out for the following red flags that may indicate a phishing/spoof email.
Flag one: Look at the time at which the email was sent. Was this during an “odd” time when staff would not usually send an email? Would Jane really send an HR email at 2:00 am on a Tuesday?
Flag two: Who else is included in the email? If there are unfamiliar contacts included in the email (especially when you are familiar with your colleagues at work) then it is most likely a phishing email!
Flag three: Look closely at the attachment title or link addresses before opening or clicking anything. Are any of the words in a company’s name spelled incorrectly? If the web address does not contain the correct name, or contains misspellings, it is most likely a phish!
Flag four: Does the email not look “typical”? For instance, does your colleague usually have the same email signature, which is now missing in this email? Or are most of the words in the email misspelled? If so, this can be a spoof.
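Flags one through three can also be checked mechanically by whoever triages reported messages. The Python below is an added example, not part of the original article; the company domain, known-contact list, working hours and sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
from urllib.parse import urlparse

# Assumptions for this example (constructed, not from the article)
COMPANY_DOMAIN = "example-corp.com"
KNOWN_CONTACTS = {"jane@example-corp.com", "you@example-corp.com"}
WORK_HOURS = range(7, 19)  # 07:00-18:59 in the sender's stated time zone

# Constructed sample message modelled on the "Jane from HR" story
SAMPLE = """\
From: Jane <jane@example-corp.com>
To: you@example-corp.com
Cc: stranger@mail.example.net
Date: Tue, 04 Jun 2024 02:00:00 -0500
Subject: Urgent: direct deposit update

Please re-enter your bank details before payday:
http://hr.examp1e-corp.com/direct-deposit
"""

def lookalike(host, real=COMPANY_DOMAIN):
    """Flag three: domain is close to, but not exactly, the real one."""
    # Simplification: treat the last two labels as the registered domain.
    tail = ".".join(host.lower().split(".")[-2:])
    return tail != real and SequenceMatcher(None, tail, real).ratio() >= 0.8

def red_flags(raw):
    """Return the article's red flags that this message trips."""
    msg = message_from_string(raw)
    flags = []
    # Flag one: sent outside normal working hours (missing Date is skipped)
    if msg["Date"] and parsedate_to_datetime(msg["Date"]).hour not in WORK_HOURS:
        flags.append("odd send time")
    # Flag two: recipients we do not recognise
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(headers) if addr}
    if rcpts - KNOWN_CONTACTS:
        flags.append("unfamiliar recipients")
    # Flag three: link hosts that misspell the company name
    urls = re.findall(r"https?://\S+", msg.get_payload())
    if any(lookalike(urlparse(u).hostname or "") for u in urls):
        flags.append("lookalike link domain")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that trips none of these checks is not thereby safe; the checks only surface the same hints a careful reader would look for.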
Have a conversation
It is ALWAYS best to follow up on correspondence that you suspect may be a phishing email. As in the example above, if you are really unsure whether it is your employer or not, have the conversation in person when you arrive at the office the next morning. Ask the appropriate person to confirm whether she or he really sent you the email.
Also, be sure your employees know these red flags of a phishing/spoof email! It is so easy to overlook the details of an email…ESPECIALLY in this day and age, when we are sometimes moving faster than we can even comprehend.
Key advice for phishing emails
My biggest tip regarding phishing emails is to click slowly. It is so common in this day and age to work on “auto pilot”, as our emails are on our phones or we just like the satisfaction of marking all the emails in our inbox as read.
However, quickly clicking through emails, especially emails containing links, can pose a danger to your organization. This is how you can leave your “side door open” to cyber criminals. Once phishing links are clicked or false forms are filled in, the bad guys will have access to your network/information. It is as simple as that. This is why it is CRITICAL to read through emails slowly and carefully.
Clicking slowly with the above knowledge will ensure that you will not fall victim to a ransomware attack or other cybersecurity issues.
Unsure if your IT provider is monitoring your Chicagoland business’s network 24/7? Schedule a free appointment with us here: https://www.goleadingit.com/. We are glad to have a conversation about the health of your network and, more importantly, how we can take the stress of technology/computer issues away from you.