Cybercriminals look to exploit you and your awareness: how to identify fake emails
When we provide Cyber Awareness training we are often asked “How do I spot fake e-mail?”. The news regularly carries stories about fake e-mail scams that look as if they were sent by legitimate companies and demand personal information from consumers.
Phishing e-mails are sent by cybercriminals who attempt to lull people into a false sense of security. Victims hand over personal information, click a link or download a document, and as a result their information is stolen or corrupted.
There are measures that can be taken to reduce phishing scams, and there are add-ons to services such as Office 365 which increase the defence against phishing.
“A single spear-phishing email carrying a slightly altered malware can bypass multi-million dollar enterprise security solutions if an adversary deceives a cyber-hygienically apathetic employee into opening the attachment or clicking a malicious link and thereby compromising the entire network.” (James Scott, Senior Fellow, Institute for Critical Infrastructure Technology)
Here are our 6 tips to help you spot a phishing email:
- Never assume that e-mails you have been sent are from the person they claim to be. If an e-mail from a known contact looks suspicious, it is likely that the sender's account has been hacked.
- Generally, companies do NOT ask you to make a payment via e-mail; there are exceptions, such as when a company sends an invoice. Always think about the request and, if in doubt, call the sender to verify that it is legitimate.
- Has the e-mail been sent to you addressing you by name? Gaps in the writing and an impersonal tone can reveal that the e-mail wasn't actually written for you.
- Scammers pretend to be from well-known companies, often copying brand logos and e-mail layouts. Be vigilant and check that the e-mail is real; PayPal e-mails, for example, are all too often faked.
- When you see a link in an e-mail, be cautious about where it takes you; scammers send fraudulent links that look legitimate but are designed to steal your personal data.
- If it is spam, you may notice a lot of spelling and grammar mistakes.
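Several of the tips above (a display name that claims a brand the sending domain does not belong to, pressure in the subject line, an impersonal greeting, and link text that shows one site while the link target is another) can be checked mechanically as well as by eye. The script below is an added example written for this page; it is not code from the original article or from any mail product. The brand list, the regular expressions and the two sample messages are constructed assumptions, and the sender check is a simple substring heuristic rather than a full lookalike-domain analysis.

```python
"""Heuristic phishing-indicator checks on a parsed e-mail (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands an organisation expects to hear from. A real deployment
# would load this from its own list of suppliers and services.
KNOWN_BRANDS = {"paypal", "microsoft", "office365", "dhl", "hmrc"}

GENERIC_GREETINGS = re.compile(
    r"\bdear\s+(customer|user|client|member|valued customer|sir/madam)\b", re.I)
URGENCY_WORDS = re.compile(
    r"\b(urgent|immediately|within 24 hours|suspended|limited|verify your account)\b", re.I)
HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})")

# Constructed sample: brand in display name, unrelated domain, generic greeting,
# urgency in the subject, anchor text naming a site the href does not go to.
SAMPLE_EMAIL = """\
From: "PayPal Support" <billing@example-mailer.test>
To: someone@example.org
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>Your acount has been limited. Please
<a href="http://paypal-secure.example.test/login">log in at https://www.paypal.com</a>
to restore acces.</p>
</body></html>
"""

# Constructed sample of an ordinary internal message with none of the indicators.
LEGIT_EMAIL = """\
From: "Jane Smith" <jane@example.org>
To: tom@example.org
Subject: Lunch on Friday
Content-Type: text/plain

Hi Tom, are you free for lunch on Friday? Jane
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of [href, visible text]
        self.text_parts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]
            self.links.append(self._current)

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._current is not None:
            self._current[1] += data


def _host(url):
    """Lowercase host of a URL; tolerates bare 'www.example.com' text."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def check_email(raw):
    """Return a list of (indicator, detail) tuples for a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    # 1. Display name names a brand, but the sending domain does not contain it.
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    for word in re.findall(r"[a-z0-9]+", display.lower()):
        if word in KNOWN_BRANDS and word not in from_domain:
            findings.append(("sender-mismatch", f"'{display}' sent from {from_domain}"))

    # 2. Pressure or urgency in the subject line.
    subject = msg.get("Subject", "")
    if URGENCY_WORDS.search(subject):
        findings.append(("urgency", subject))

    # 3. Parse the body once to get both link pairs and visible text.
    body = msg.get_payload(decode=True) or b""
    parser = _LinkCollector()
    parser.feed(body.decode(msg.get_content_charset() or "utf-8", "replace"))
    text = " ".join(parser.text_parts)

    # 4. Impersonal greeting: the mail was not written for a named recipient.
    greeting = GENERIC_GREETINGS.search(text)
    if greeting:
        findings.append(("generic-greeting", greeting.group(0)))

    # 5. Anchor text names one host while the href points at another.
    for href, shown in parser.links:
        real = _host(href)
        for shown_host in HOST_IN_TEXT.findall(shown.lower()):
            if shown_host not in real and real not in shown_host:
                findings.append(("link-mismatch", f"text says {shown_host}, link goes to {real}"))
    return findings


if __name__ == "__main__":
    for kind, detail in check_email(SAMPLE_EMAIL):
        print(f"{kind}: {detail}")
```

Each finding is only an indicator, not proof; a genuine invoice can carry an urgent subject, and a spoofed display name is caught only when the brand is on the list. The value of running such checks is that they surface the same clues the tips describe before the message reaches a person who is in a hurry.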
Organisations will generally check e-mails before they are sent. Phishing e-mails are often put together quickly by criminal organisations attempting to extract the largest amount of money in the shortest time.
What Can We Do To Prevent Phishing?
Cyber crime has become a massive industry, and the most common approach is to go after company employees through ‘social engineering’. Quite frequently we see e-mails that look legitimate but are actually phishing scams designed to look like an e-mail sent by Microsoft, an invoice, or a request for the user to authenticate themselves.
If you are asking how to spot fake e-mail, we have to accept that employees are indeed the weakest link, and it is your IT department's job to educate them. If you do not have an IT department, that job falls to whatever outsourced support you use.
A spam filter is a very important tool that acts as a defensive block between your e-mail service and the scammer. Unfortunately, not all spam will be filtered, and that is where we need to educate users so that they don't click on links they weren't expecting.
Social engineering is not just done via e-mail; we also need to be vigilant about criminals performing social engineering over the phone or in person. Users often put personal information into passwords or recovery options. We need to be cautious about the information we share, as criminals may call asking for personal information while posing as another company looking to verify details.