Phishing scams have been around since the advent of email. The ongoing attempts by scammers are a testament to their efficacy, with over 26,000 reported cases last year in Australia alone costing businesses over $800,000. And that’s just what was reported to the ACCC. So, given this huge volume of phishing attempts, it’s almost guaranteed that you, or an employee of your business, will be targeted. To avoid this cutting through your bottom line, here are our tips on how to identify a phishing email before it bites you.
Get protected at the source
Most phishing emails are corralled off into the internet ether before you even see them, if you use managed email. Services such as Microsoft’s Office365 and Google’s GSuite aggregate data over hundreds of thousands of emails to identify phishing emails before they appear in a user’s inbox, sending them to a spam folder or not delivering them at all. That’s all fantastic if you use a managed email service, but they’re still not foolproof. And if your business is using a hosted mail service, then chances are you won’t have access to this level of security.
Think before you click
It’s estimated that the average office worker receives over 100 emails a day, so it’s no surprise that we can switch to autopilot when we’re combing through our inboxes. However, the first step to avoiding a phishing email is to not open every email you receive. If the subject line of the email looks suspicious, flag it and move on. And by “flag it”, we mean marking it as suspected spam. Not only will this stop you accidentally opening it in the future, if you work in a large organisation it will also help your IT support to identify other employees that may have received a similar scam.
Things to look out for include:
- Spelling and obvious grammatical errors (although scammers are certainly becoming better educated)
- Questions about an order from a brand that you haven’t ordered something from.
- Any email from a bank requesting you to review your personal details.
- Any email talking about account lockouts or password resets that you haven’t requested.
- Emails with no signature.
- Vague salutations.
If you’re at all concerned that these might be legitimate, then call the business directly to confirm. Don’t follow any links or phone numbers in the email itself (more on this below).
Pay close attention to details
Even if nothing about the email immediately grabs your attention as off, you should still pause before doing either of the following in an email:
- Opening an attachment
- Following a hyperlink
Before you do either of these things, take the time to review the details of the email. Specifically, check the email address of the sender, not just their display name. If the address doesn’t come from the domain of the brand it purports to be from, then stop. In the case of a link, don’t trust that the wording of the link is where you will be sent. To see where the link is really sending you, hover your mouse over it and look at the little tooltip that pops up. When it comes to attachments, it’s recommended that you only open attachments you are expecting.
What to do if it goes wrong
If you do click on an attachment or follow a link that you find out has been spoofed, all is not lost. For dodgy attachments, immediately contact your IT support provider to notify them of what’s happened. Today’s computer viruses come in a huge variety, so it’s worth sending the information to the people that can deal best with the threat. Rolling back to a previous backup can alleviate some of the problems.
If you’ve entered your account details somewhere you’re not supposed to, immediately contact the business that the account was with. It is up to the business itself as to how it deals with these issues, but most large organisations will have the ability to get you back up and running sooner rather than later.
For more information on how you and your business can protect yourselves from phishing attempts and other IT-related disasters, get in touch with us here at UnlimitedIT (hover your mouse over it before clicking!). We offer round-the-clock support for all your emergencies with just one flat fee per month, to let you focus on what you do best.