It’s not your imagination – today’s cybercriminals are getting smarter. And even though everyone thinks they are tech-savvy enough to identify a phishing scam when they see one, that’s not always the case. In fact, Verizon’s 2016 Data Breach Investigations Report found that a whopping 30 percent of phishing emails are opened by the recipient. No wonder cybercriminals keep using this method – it works pretty darn well. Protect yourself from phishing scams with these five tips.
1. Keep an Eye Out for Language Inconsistencies
It’s easy to poke fun at emails from Nigerian princes that are full of typos and grammatical mistakes, but paying attention to language issues can help you spot less obvious scams as well. If the email in question is full of misspellings or seems to be written by a non-English speaker, proceed with caution. A reputable company would at least read through its communications a time or two before they send them out. A typo or two is sloppy – more than that is suspicious.
2. Check the Sender Carefully
One of today’s most common phishing scams is to send a legitimate-looking email asking for personal information like social security numbers, bank account details, or website login info. A trustworthy company will never ask for you to supply personally identifying information via email or instant message, so be extremely wary of any communications asking you to part with sensitive data.
Take a good look at the sender’s name and email address as well. Many scammers will use a “from” email that mimics the legitimate domain – [email protected] instead of [email protected], for example. If there’s anything fishy about the sender’s credentials, research the legitimate company’s domain to determine if there’s a discrepancy. Some email providers, like Gmail, offer ways to verify sender addresses. Take advantage of them if they exist.
3. Don’t be Fooled by Dramatic Wording
Scammers will often try to strike fear in your heart with phrases like “Final Notice!”, “Account Closure Warning!”, and “A Security Breach was Detected!”. Words like these cause us to drop our defenses and hurriedly click on a link or provide sensitive information in order to rectify the perceived problem. Take a deep breath if you receive an email with this kind of inflammatory language. Check the sender, content, and other cues carefully before proceeding. If you’re unsure, reach out to the company who is supposedly contacting you via other means (like a phone call) to confirm that the email is legitimate.
4. Avoid Clicking Suspicious Links
Some phishing emails will include links to external sites where you are directed to log in or provide personal information. Inspect all link URLs very carefully before clicking. A common trick is to use a domain name that is just subtly off from the legitimate company’s website, a discrepancy the untrained or careless eye would miss. For example, a malicious link might say paypal.scammercity.com instead of paypal.com. Brush up on your DNS naming conventions to avoid getting duped.
If you’re already clicked on the link, proceed with extra caution. Some technologically proficient scammers will set up fake sites that look legitimate, but aren’t. Links won’t work, picture quality may be off, and, most importantly, the login box “logs you in” to the scammer’s site instead. Be on the lookout for false pages, especially if other warning signs from this list are also present.
5. Keep Your Guard Up
Wombat Security reported in 2016 that phishing scams are most successful when they masquerade as something the recipient is already expecting or is accustomed to seeing. Would you think twice about clicking on a password reset email that appeared to come from your company’s help desk or a shipping confirmation email for office supplies? Common sense will take you a long way here. If you didn’t order anything recently, check around internally to see if this is a legitimate communication. If you didn’t request the password reset, call the IT department for verification before proceeding. No one in your company will blame you for being thorough if an email does turn out to be legitimate, so it’s better to be safe than sorry.
Take Data Security Seriously
Phishing scams can target anyone, anywhere, at any time. These five tips will help protect you, but it’s important to take other steps to safeguard your data as well. An important but often-overlooked element is how your partners and vendors handle your data. At 360 Payments, security is a priority, not an afterthought. Give us a call at 1-855-360-0360 or drop us a line on our website. We’d be happy to show you why your information is safe with us.
PS – Protect your business from employee fraud with these tips.
PPS – Here are a few more ways to safeguard your business in the digital age.