When it comes to cyber crime, phishing is the bread, butter and even the toaster.
Despite how much we think we know about scam emails, people still frequently fall victim.
At times, phishing emails can be extremely convincing and therefore it is easier for them to come across as the real deal. Furthermore, we live in a fast-paced world and many of us don't see the point in going through an email with a fine-toothed comb, especially when receiving hundreds of emails a day.
However, exercising extreme caution is essential in prevention, and there are a few common red flags that set the malicious apart from the legitimate.
First of all, some stats.
In a report released by cyber security advice organisation CERT NZ, it was revealed that they received over 2600 incident reports of cyber security breaches in quarter 3 of 2020 alone, with over half of these being phishing attacks.
This resulted in an estimated $3.2 million in financial loss in the period of 4 months, and it is from these stats that it is essential to know how to differentiate the
The message is sent from a public domain
Most organisations will have their own email domain and company accounts. Not even Google uses '@gmail.com'.
Many of us don't take the time to look at the sender's email address.
We simply look at the inbox display name and subject line, think ‘well that is good enough’ and begin the journey into the rabbit hole, trusting that the email came from someone we know or from a reputable company.
When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all.
They can, therefore, use a bogus email address that will turn up in your inbox with the display name Google.
However, here is an example of a nearly flawless phishing email:
Image sourced from: WeLiveSecurity
Everything from the logo through to styling is on point and the request is believable, up until you take a look at the sender's email address ‘email@example.com’.
This is why it pays to be thorough, as something as simple as an email address can result in potentially thousands of dollars being lost.
If you have any doubts, try searching the company's name in your search engine.
The domain name is misspelt
Domain names play a crucial role in phishing attacks. The trouble is anyone can buy a domain from a registrar and there are plenty of ways to spoof legitimate organisations.
A show producer at Gimlet Media, a digital media organisation based in Brooklyn, hired a hacker to try and catch the show's host in a phishing scam.
The hacker bought the domain gimletrnedia.com (spelt r-n-e-d-i-a, as opposed to m-e-d-i-a, as demonstrated in the image) and impersonated the producer, Phia Bennin.
The hacker's scam was so successful that he managed to trick the show's host, CEO and its president.
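The two sender checks described above (a display name that does not match the address, and a look-alike domain such as gimletrnedia.com) can be automated. The sketch below is an added example, not code from the original article; the trusted and public domain lists, the confusable pairs and the sample From: headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed for this example: domains the organisation really mails from,
# and public webmail domains it never expects business mail from.
TRUSTED_DOMAINS = {"gimletmedia.com", "google.com"}
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

# Character sequences that read as another letter at a glance.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def red_flags(from_header):
    """Return the red flags raised by a single From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []  # the address really belongs to a trusted domain
    flags = []
    # Display name mentions a trusted brand, but the address is elsewhere.
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    name = display.lower().replace(" ", "")
    if any(brand in name for brand in brands):
        flags.append("brand_in_display_name")
    if domain in PUBLIC_DOMAINS:
        flags.append("public_domain")
    # Domain looks like a trusted one once confusable characters are folded.
    if any(skeleton(domain) == skeleton(t) for t in TRUSTED_DOMAINS):
        flags.append("lookalike_domain")
    return flags


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in ('"Google" <account.alerts@gmail.com>',
                   "Producer <producer@gimletrnedia.com>",
                   "Producer <producer@gimletmedia.com>"):
        print(header, "->", red_flags(header) or "no flags")
```
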
The email is poorly written
Poor grammar and spelling are some of the easiest red flags to spot when it comes to scams.
Many scammers are from non-English-speaking countries, and this explains why the grammar is so poor in scam emails.
However, many hackers will have access to spellcheckers or translators, meaning they get the right word but not necessarily the right context.
It is better to look for grammatical errors, as these will not be picked up by a spellchecker or translator.
It includes suspicious attachments or links
Phishing comes in many forms. Although email is the most common channel for phishers, you may also get scam text messages, phone calls or even social media posts.
The purpose of these emails is to capture sensitive information, such as login credentials, phone numbers and account numbers.
The golden rule is to never open an attachment unless you are 100% confident that the message is from a legitimate party.
For login prompts, it is best to train yourself to check where links lead before clicking them. Simply hover over the link and the destination address will appear in a small bar along the bottom of the browser.
The message creates a sense of urgency
Many scams request immediate action to amend an issue before it's too late, and criminals are acutely aware that this works both in and outside of the workplace.
They know that we are likely to drop everything at our boss's or upper management's request.
This particular form of cyber attack can be very dangerous, as even if foul play is suspected, employees may be too afraid to confront their bosses, at the risk of implying unprofessionalism.
However, the frequency of cyber attacks is continually growing, and any organisation that cares for cyber security will accept a 'better safe than sorry' mentality.
When you spot one or a multitude of these things within your emails, potential phishing scams become much easier to detect. Ensure you are educating yourself and your fellow employees constantly, because learning to separate the legitimate from the illegitimate is the first step in prevention.