While phishing emails are one of the most common ways cyber attackers try to scam individuals, they are increasingly being used to target businesses. Successful attacks enable criminals to install malware, including ransomware, steal login details and con employees into handing over business intelligence or even transferring money to attackers’ bank accounts. Training employees to spot phishing emails is crucial to protecting your business, so here we discuss their tell-tale signs.
- Badly written messages
Poorly written English presents a negative impression of a business and that’s why genuine companies go out of their way to ensure that the contents of their emails are faultless. Indeed, many employ professional copywriters for that reason. Scammers, many of whom are not native English speakers, often have poor writing skills and so their emails contain spelling, grammar and punctuation errors. If an email from a business contains these errors, there’s a good chance it’s a fake.
- Suspicious email addresses
Genuine businesses have domain names that are associated with their brand. For example, we are Webhosting UK and our email addresses always end in @webhosting.uk.com. If the email address isn’t associated with the business, then it is likely to be fake. Sometimes the differences are very subtle, e.g., @webhtosing.uk.com; sometimes the original will be incorporated into a longer address, e.g., @webhosting.uk.12345.com or [email protected]. Scammers can also be crafty, putting the sender’s name as Webhosting UK and a fake email in the address. If in any doubt, employees shouldn’t open attachments or click on links in the email.
- Urgent action required
Criminals frequently use scare tactics to get recipients to fall for their scams and the most common way to do this is to tell them something needs doing urgently. Typical examples include telling people their account is suspended because of fraudulent activity or that their passwords are about to expire. There are numerous others.
Without fail, these kinds of emails will contain a link that the user needs to click on to rectify the problem. This link will either trigger a malware attack or send the user to a cloned website which, when they log in, steals their username and password.
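A mail filter can compare what a link shows with where it actually leads. The Python below is an added example, not part of the original article; the class and function names and the constructed sample body (which uses reserved placeholder hosts) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_DOMAIN = "webhosting.uk.com"  # genuine domain named in the article

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value: str) -> str:
    """Host of a URL, or of bare text that looks like one; '' otherwise."""
    if " " in value or "." not in value:
        return ""
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:  # malformed input such as a broken IPv6 literal
        return ""

def review_links(html_body: str, trusted: str = TRUSTED_DOMAIN) -> list:
    """Return (text, destination host, reason) for links worth a second look."""
    collector, findings = LinkCollector(), []
    collector.feed(html_body)
    for text, href in collector.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # only web links are compared here
        shown, dest = host_of(text), host_of(href)
        if shown and shown != dest:
            findings.append((text, dest, "text names a different site"))
        elif dest != trusted and not dest.endswith("." + trusted):
            findings.append((text, dest, "destination is off-domain"))
    return findings

# Constructed message body; .example and 203.0.113.7 are reserved placeholders.
SAMPLE_BODY = (
    '<a href="https://webhosting.uk.com.account-check.example/login">https://webhosting.uk.com/login</a>'
    '<a href="http://203.0.113.7/reset">Reset password</a>'
    '<a href="https://webhosting.uk.com/help">Help centre</a>'
)
```

Calling `review_links(SAMPLE_BODY)` reports the first two links and passes the third, whose destination is the genuine domain.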
If employees suspect an email is fraudulent, the easy way to find out is to hover the mouse over the link, as this will display the website they are actually being sent to. If employees are in doubt, they should search for the business on a search engine and log in from there, rather than clicking on the link in the email.
- Important information requested
More than anything, cybercriminals want to make money. For this reason, a phishing email is likely to ask recipients for information that can help them do this. They either ask for banking details so money can be taken directly from an account or login credentials to access information, such as business intelligence, that can be sold to other criminals on the dark web.
As businesses know that scammers ask for this information in phishing emails, the vast majority of genuine companies no longer ask for any sensitive information to be sent via email. This includes addresses, dates of birth, login credentials, ID numbers (e.g., passport, national insurance or driver’s licence) and bank account details. If asked for these by email, it’s likely to be a scam.
- Fake internal emails
An increasingly used attack, aimed specifically at employees, is for cybercriminals to send emails that pretend to come from senior executives within a company. Known as Business Email Compromise attacks, these often use email addresses that appear very similar to the real thing, with the logo and layout of the email cloned from a genuine company email.
These emails instruct employees to send files to specified recipients and in some cases, ask finance staff to make payments to particular accounts. However, both the files and the money are being sent to cybercriminals.
Spotting these requires the employee to look closely at the email for any of the signs mentioned above and to ask themselves whether the request being made by the executive is unusual or against company policy. If in doubt, the employee should double-check by typing the executive’s genuine address rather than simply replying to the email.
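The look-alike address patterns described under "Suspicious email addresses", which fake internal emails also rely on, can be checked mechanically. The Python below is an added example, not code from the original article; `BRAND_LABEL`, `BRAND_NAME`, the function names, the two-edit threshold and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "webhosting.uk.com"  # genuine domain named in the article
BRAND_LABEL = "webhosting"            # assumption: label that identifies the brand
BRAND_NAME = "webhosting uk"          # assumption: display name the brand uses

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Classify a From: header against the one domain the business really uses."""
    display, address = parseaddr(from_header)
    local, _, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return "invalid"
    if domain == TRUSTED_DOMAIN:
        return "trusted"
    labels = domain.split(".")
    # Brand label reused inside a longer or different domain.
    if BRAND_LABEL in labels:
        return "brand-embedded"
    # A label one or two edits away from the brand: a misspelled look-alike.
    if any(0 < edit_distance(label, BRAND_LABEL) <= 2 for label in labels):
        return "lookalike"
    # Friendly name claims the brand while the address belongs to someone else.
    if BRAND_NAME in display.lower():
        return "display-name-spoof"
    return "unrelated"

# Constructed sample headers; the .example and example.org hosts are placeholders.
SAMPLES = [
    "Webhosting UK <support@webhosting.uk.com>",
    "support@webhtosing.uk.com",
    "Accounts <accounts@webhosting.uk.12345.com>",
    "Webhosting UK <billing@mail-service.example>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):20} {header}")
```

Anything other than `trusted` is a prompt for a closer look, not proof of fraud; the check only compares the visible From: header and does not replace a mail filter's authentication checks.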
Tools that help
Besides spotting fake emails, businesses can reduce the chance of phishing-related crime in two ways: firstly, by using advanced email filtering tools, like SpamExperts, that can identify incoming phishing emails and stop them from arriving in inboxes and, secondly, by using email certificates for outbound emails. These encrypt and verify your sent mail so that both internal and external recipients know it is genuine.
Conclusion
Phishing affects businesses of every size, in every sector, and each year the cost of becoming a victim increases. By using tools like SpamExperts and email certificates, together with adequate employee training in spotting the signs of phishing emails, the chance of falling victim is massively reduced.