Subscribe to our newsletter


60 second rundown…

quickly identifying a phishing scam

It’s not always easy to spot a phishing scam. You get an email from a vendor urgently requesting updated billing information. The message looks legit. It has the company logo. The email header shows the company’s name. You click the link, provide your billing info, and think nothing more of it. Unfortunately, this was a spoofed email, the first step in a phishing attack.

What exactly is phishing?

Phishing is when criminals send camouflaged texts or emails asking you to click a link and enter personal information. Scammers imitate a reputable business or person to trick you into giving sensitive information. Sophisticated spoofs may look exactly like a legitimate message.

How Phishing Works

Most phishing attacks start with spoofing. The scammer poses as someone you trust, such as your bank or IT department. They can initiate contact through various channels such as email, text, or instant message. Often, the letter sounds alarming and urgent. For example, there’s been a data breach, and you need to change your password. Other times an email mimics a routine password change or update. The user is duped into clicking a link that takes them to a camouflaged website. They enter sensitive information and click submit. Now the scammers have access to the data. 

How to Spot a Phishing Scam

Often cybercriminals employ social engineering to trick users into clicking a link. Phishing attacks elicit an emotional response from the reader—fear, sympathy, curiosity, greed. For example, the email threatens negative consequences unless you take urgent action. Scammers hope you will rush to act and don’t study the email for inconsistencies. 

Watch Out for These 5 Red Flags

It’s probably not that urgent. Take a moment to examine the message further. Look for specific characteristics that flag an email as a potential security risk

  1. Request for Sensitive Data — This is a huge red flag. Be wary of any emails or texts requesting personal information, even if they look legitimate.
  2. Unfamiliar Salutations — Colleges will use informal language in emails, and they don’t start every message with “Dear.” Watch out for emails with uncommon greetings that don’t address you by name. 
  3. Grammar and Spelling Mistakes — In some cases, English is not the writer’s primary language. Some misspellings are intentional to bypass spam filters. Plus, scammers are trying to catch unsuspecting people—someone who overlooks the errors might also fall for the scam. 
  4. Inconsistencies — Check the “from” and “reply-to” fields. Carefully examine any links. Compare the domain with previous emails from the same company. 
  5. Outrageous Claims — You’ve won $5000! Again, scammers are looking for victims who are likely to fall for their deceptions. If it’s too good to be true, then it probably isn’t. 

Protecting Your Business 

Learning to detect a spoof email is a crucial element of protecting your small business. But it would be better if spoof emails didn’t even make it to the inbox. Small companies can take active steps to guard against malicious attacks. Prioritize email security, identification and access management, and employee training.

At SMB Support, we help small businesses apply network security best practices, including employee training. If you need experts you can trust, give us a call at 908-895-0273.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x

Stay ahead of the game and subscribe to SMB Support's newsletter for expert insights and innovative solutions

SMB Support Logo - IT Services

Need Support?

Contact us if you need IT Support for your business