60 second rundown…
- Spear phishing is when a criminal tries to trick people into giving away sensitive data.
- Spoof emails impersonating a trusted source can look legitimate at first glance.
- Scammers use social engineering and emotional manipulation to exploit users.
- Watch out for red flags especially requests for secure information.
- Phishing emails often have spelling mistakes and inconsistencies.
- Guard your small business with email security, password protection, and employee awareness
It’s not always easy to spot a phishing scam. You get an email from a vendor urgently requesting updated billing information. The message looks legit. It has the company logo. The email header shows the company’s name. You click the link, provide your billing info, and think nothing more of it. Unfortunately, this was a spoofed email, the first step in a phishing attack.
What exactly is phishing?
Phishing is when criminals send camouflaged texts or emails asking you to click a link and enter personal information. Scammers imitate a reputable business or person to trick you into giving sensitive information. Sophisticated spoofs may look exactly like a legitimate message.
How Phishing Works
Most phishing attacks start with spoofing. The scammer poses as someone you trust, such as your bank or IT department. They can initiate contact through various channels such as email, text, or instant message. Often, the letter sounds alarming and urgent. For example, there’s been a data breach, and you need to change your password. Other times an email mimics a routine password change or update. The user is duped into clicking a link that takes them to a camouflaged website. They enter sensitive information and click submit. Now the scammers have access to the data.
How to Spot a Phishing Scam
Often cybercriminals employ social engineering to trick users into clicking a link. Phishing attacks elicit an emotional response from the reader—fear, sympathy, curiosity, greed. For example, the email threatens negative consequences unless you take urgent action. Scammers hope you will rush to act and don’t study the email for inconsistencies.
Watch Out for These 5 Red Flags
It’s probably not that urgent. Take a moment to examine the message further. Look for specific characteristics that flag an email as a potential security risk.
- Request for Sensitive Data — This is a huge red flag. Be wary of any emails or texts requesting personal information, even if they look legitimate.
- Unfamiliar Salutations — Colleges will use informal language in emails, and they don’t start every message with “Dear.” Watch out for emails with uncommon greetings that don’t address you by name.
- Grammar and Spelling Mistakes — In some cases, English is not the writer’s primary language. Some misspellings are intentional to bypass spam filters. Plus, scammers are trying to catch unsuspecting people—someone who overlooks the errors might also fall for the scam.
- Inconsistencies — Check the “from” and “reply-to” fields. Carefully examine any links. Compare the domain with previous emails from the same company.
- Outrageous Claims — You’ve won $5000! Again, scammers are looking for victims who are likely to fall for their deceptions. If it’s too good to be true, then it probably isn’t.
Protecting Your Business
Learning to detect a spoof email is a crucial element of protecting your small business. But it would be better if spoof emails didn’t even make it to the inbox. Small companies can take active steps to guard against malicious attacks. Prioritize email security, identification and access management, and employee training.
- Email Security — Many business-class email services have advanced security protection embedded in the system. Anti-virus software like Microsoft Defender for Office 365 includes protection against malicious attachments and links.
- Password Policies — Design a password policy that designates lengths, character restrictions, and multi-factor authentication. Encourage employees not to use the same password for multiple accounts. If a password is compromised, change it immediately.
- Awareness Training — In the end, some scams will make it past the protections. Employees must know how to spot a phishing scam.
- Spear Phishing can come from texts, phone calls and in traditional US mail as well.
At SMB Support, we help small businesses apply network security best practices, including employee training. If you need experts you can trust, give us a call at 908-895-0273.