Identifying Phishing Scams
A busy inbox has become part of everyday life, both at work and at home. For those who operate a business, incoming emails can be a source of income and new work opportunities. They can also herald disaster as phishing emails become more common.
Phishing emails are those that in some way attempt to mine valuable information such as passwords or user data. Additionally, phishing phone calls, texts, and social media communication have all become more commonplace, making it paramount for business owners and workers to know how to identify and evade these threats.
Here are five ways to identify phishing scams before they can do harm.
1. Look for personalisation
Most modern-day emails and calls are personalised in some way. This usually means including your name in the salutation, or at least a specific mention of your products or services in the body.
On the other hand, phishing scams will often start with ‘dear sir/madam’, or ‘dear valued customer’, and follow with a generic message. In some cases, the communication won’t include a salutation at all.
Look for some level of personalisation as a sign that the email or message is legitimate.
2. Look closely at the sender’s email address
It might not be on your radar to examine a sender’s email address, but it’s a good habit to get into.
Often, phishing emails come from addresses that only vaguely resemble the real deal. For example, if you were to receive an email from us, it would come from an ‘@canda.co.nz’ address. A fraudulent email might arrive from ‘firstname.lastname@example.org’.
Anyone can create an email address that includes a company name, but only legitimate communications come from an address on the company's own domain name, making it important to take a closer look at your sender's details.
3. Look for typos
Correct grammar and spelling take skill, and many companies invest in professional editors and writers to ensure their communications are error-free.
Fraudsters do not tend to have the best language skills, and rarely invest in a proofreader. One typo might slip through the cracks of a legitimate communication, but a poorly written email riddled with spelling errors is often a clear indicator of a phishing scam.
4. Look for attachments
Email attachments are usually found only in personal communications, and legitimate senders do not include them in unsolicited emails.
If a company sends you an email out of the blue, it is far, far more likely that they would direct you to their website where you could download any documents or files. Attaching files to an email is almost always a dead giveaway for a phishing scam.
5. Look for content that’s either too good to be true, or fear-inducing
Scammers typically play off two human truths: that we love getting things for free, and that we can panic in the face of bad news.
A too-good-to-be-true message might involve news of a free holiday, an inheritance, or a bank error working in your favour. A fear-inducing message might involve a demand for tax payment, a frozen bank account, or an overdue fine.
In both cases, we can be quick to click the link to either claim our prize or deal with the unexpected problem, rather than taking a moment to think rationally and hold off.
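For teams that triage reported emails, four of the five signs above (generic greeting, sender domain, attachments, and lure wording) can be checked automatically; typos are left out because they need a dictionary. The sketch below is an added example, not CANDA tooling: the phrase lists, function names, and both sample messages are constructed for illustration, and 'canda.co.nz' is used as the expected domain because it is the one named above.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed phrase lists for illustration; tune them to your own mail.
GENERIC_GREETINGS = ("dear sir/madam", "dear valued customer")
LURES = ("free holiday", "inheritance", "bank error", "tax payment",
         "frozen", "overdue fine")

def phishing_indicators(raw_email, expected_domain):
    """Return the article's warning signs that appear in one raw message."""
    msg = message_from_string(raw_email)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body, attachments = "", []
    for part in msg.walk():
        if part.get_filename():                       # sign 4: attached file
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            body += part.get_payload(decode=True).decode(charset, "replace")
    first_line = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    findings = []
    if first_line.startswith(GENERIC_GREETINGS):      # sign 1: no personalisation
        findings.append("generic_greeting")
    # sign 2: the address must sit on the company's own domain or a subdomain
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        findings.append("sender_domain_mismatch")
    if attachments:
        findings.append("attachment")
    if any(lure in body.lower() for lure in LURES):   # sign 5: bait or fear
        findings.append("lure_content")
    return findings

def build_sample(sender, text, attachment_name=None):
    """Build a constructed test message; no real mail is involved."""
    m = EmailMessage()
    m["From"] = sender
    m.set_content(text)
    if attachment_name:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()

SUSPICIOUS = build_sample(
    "Canda Accounts <canda.accounts@example.com>",
    "Dear valued customer,\nYour account is frozen. Pay the overdue fine today.\n",
    "invoice.zip")
LEGITIMATE = build_sample("Alex <alex@canda.co.nz>",
                          "Hi Sam,\nThe report you asked for is on our website.\n")
```

A message that trips several of these checks deserves a closer look before anyone clicks; a clean result only means none of these particular signs were present.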
Phishing attempts are one of the most common and dangerous threats for modern organisations. Knowledge of these scams and employee training are two of the best defences you have at your disposal to safeguard your company against these dangers.
Another excellent way to protect your business is with professional guidance. CANDA is an industry leader in cybersecurity in New Zealand and can perform risk assessments, conduct training, and much more to help your company stay one step ahead of scammers. See our services page to learn more.