Phishing – the rising threat to business

Aug 21, 2019 | Technology News

What are Phishing Emails?

Phishing emails are messages intended to scam people into giving out personal information such as passwords and credit card numbers. They are designed to appear genuine by copying the logo, branding and even the writing style and signature of an official employee of a company that you do business with.

These scammers play on the reader’s emotions by employing scare tactics, urging them to take immediate action or their accounts will be compromised. Of course, legitimate businesses will never ask their customers to do this. So, here’s how you can identify a phishing email and stop it before it can steal your money or files.

Types of Phishing Attacks

Businesses can avoid potentially compromising sensitive information or even save money by understanding different kinds of phishing attacks. Guarding yourself against cybercrimes and implementing phishing protection might give you peace of mind. If you own or operate a business, it can be more beneficial: you can channel your time, energy, and money into focusing on growing your business.

Email Phishing – As mentioned above, email is a common way for cybercriminals to perpetrate their scams. Since so many people these days use email, scammers are in a sense playing the numbers game. If they send enough scam emails out, it’s probable that a fraction of people will take these emails seriously. As we’ve seen, 30% of phishing emails are opened. If scammers send these emails to 100,000 or even one million users, the number of people who open them could be staggering.

Spear Phishing – Similar to email scams, spear phishing is a particularly sophisticated approach. These scams take time and research to perpetrate. A scammer will collect information about your contacts and associates. Then they’ll personalize a phishing email, creating the appearance that a colleague, friend, or even loved one sent it. This, of course, makes you especially vulnerable: you might be more likely to click a link if you think you’ve received it from a friend.

Social Phishing – Have you ever noticed a friend on social media has sent you a friend request even though you’re already friends? On examining this new profile, you notice the pictures are the same. Even some of their friends are the same. Although it’s a new account with not much activity, you might take it for granted that this profile belongs to your friend. Perhaps he or she wants to reboot their social media presence, so they’re starting over. In most cases, that’s a false assumption. Social phishing is the act of impersonating someone online to collect information about that person’s friends in order to scam them. Or the scammers might use social phishing to learn or collect sensitive information about the user they’re impersonating.

How to Spot Phishing Emails

Before you click anything on any email, make sure to check for any red flags:

  1. Warning signs from your email provider (ex. Gmail or Outlook). Other users may have already flagged it in the past as spam or potential phishing attacks.
  2. Check the ‘From’ address from which the email was sent. If it looks suspiciously similar to that of an official company (ex. gina@peypal.com) or uses a generic email account (@yahoo.com) to represent a company, then it’s most likely a phishing email.
  3. Generic greeting. Scammers rarely know who they’re sending the email to. So, they use generic greetings like “Dear Member” or “Dear Customer”.
  4. Urgent Action Needed. This is the part where fraudsters use urgent calls-to-action to trick you into taking immediate action. Be wary of phrases such as “urgent action required” or “your account will be closed, please change password”.
  5. The body message is filled with grammatical errors. Some phishing emails are easy to spot because they often have spelling mistakes and poor grammar.
  6. It links to a fake website. The hyperlinked URL doesn’t match the displayed text and will lead you to a spoofed or fraudulent site.
  7. Attachments. If you’re not expecting any files from someone, don’t click on any attachments.
  8. Lacks contact details. The email sender does not provide complete details on how to contact them.

How to Prevent Falling for Phishing Emails?

  1. Don’t click on any links if you’re not sure about them. Hover over the link and check that the web address matches the link text. If it looks fake or suspicious, don’t click it.
    Try copying and pasting the link to a separate browser tab and see what the site looks like.
    For those on an Android device, long press on the link or button.
    For iOS users, tap and hold over the link to reveal the URL.
  2. Don’t download attachments from people you don’t know. They might contain viruses and malware that can corrupt your computer, erase files, or steal your username and password.
  3. Use email filters. Email filters are not only good for organising emails, they also filter trusted contacts and flag unknown senders to the spam folder.
  4. Never give out any personal information. When you think about it, your bank already has your credit card number in their database. So, why would they be asking you for that information?
  5. Use anti-phishing browser plugins. Chrome, Mozilla Firefox and Internet Explorer have a host of free plugins you can download to detect if you’re about to access a phishing site. Check out the reviews and ratings before installing any plugins.
  6. Check if it’s an HTTPS website. An HTTPS website has a green padlock button and starts with ‘https’ in the browser’s web address. It uses SSL (Secure Sockets Layer) to encrypt the connection between web servers and browsers to ensure that hackers cannot intercept the connection.
  7. Use 2-Factor Authentication. 2FA adds another layer of protection to your account if someone tries to access or change any information in your account. Hackers can’t steal your data without the 2FA verification code, which is usually sent to your mobile number.
  8. Report Phishing Emails. If you suspect a website to be fraudulent, report it immediately to your email provider’s spam team.
  9. Teach others how to identify phishing emails. Remind family members and friends to be cautious when browsing online and inform them if they are forwarding a phishing email. For business owners, make sure to conduct seminars or training on how to protect your company’s online security.