Phishing is still a scourge in our daily lives even when you have secure connections and email clients. A 2019 Verizon report found that 32% of all data breaches involved phishing and 90% of confirmed email attacks went through Secure Email Gateways (SEGs). The consistent detection and avoidance of phishing attempts is key to strong cybersecurity. But in order to do so, it’s important to know what phishing emails often look like.
Perpetrators of phishing emails are typically after personal information, relying on deception tactics to trick victims into forfeiting information including:
- Date of birth
- Social Security Number
- Phone number
- Credit card details
- Password information
Cybercriminals use this information to impersonate their victim: applying for credit cards and bank loans and other fraudulent activities. They can also use information to organize more targeted cyberattacks.
One common theme that runs through all types of phishing emails is the use of social engineering tactics. This practice seeks to take advantage of the natural human desire to trust the people and companies we know. This trust leads to users failing to properly review phishing emails. Here are some common types of phishing emails:
- Account Deactivation
An example of an account deactivation scam would be an email telling the victim that their account has been compromised and will be deactivated without updated credit card information. The link sends the victim to a fake website and to give up their own card information.
- Compromised Credit Card
Let’s say the cybercriminal knows the victim had made a recent purchase at Apple and sends an email in the guise of Apple to tell the victim their credit card information may have been compromised so they need to confirm their credit card details, forfeiting their information.
- Transfer Funds
An employee receives an urgent message from their traveling company CEO. The email tells the victim that the fund request is urgent and necessary to secure a new partnership. Believing the request is real, the employee doesn’t hesitate to transfer funds.
- Fake Google Drive Login
A cybercriminal creates a fake Google Drive login page and sends a phishing email to trick people into logging into the fake site. The email may indicate that Google is updating policies, so the victim gives away their own Google account information. Scams like this have led Google to emphasize the importance of Multifactor Authentication (MFA) to their users.
- Company Tech Support Requests
Employees receive an email from a scammer posing as the company’s IT department asking them to install a new piece of software, but when the employee moves to install the software, ransomware is installed on the company’s network.
Email phishing seeks to steal your important personal information.
So, how can you tell whether an email is a phishing attempt? There are 7 particularly common telltale signs.
- Most companies won’t send you emails asking for your personal information or links to login to an account.
- Legitimate companies will call you by your name while phishers frequently use generic salutations like “Dear customer” or “Dear valued member.”
- Real companies have their own domains. Always check the email address to make sure not alternations like additional numbers or letters have been added.
- Real companies use spell checks and are well-written. Often, the easiest way to recognize a scam is bad grammar.
- Legitimate companies don’t force you to their website—one tactic scammers have started using is an email coded entirely as a hyperlink, so by clicking anywhere in the email will open a fake webpage.
- Real companies don’t send unsolicited attachments.
- Links should match legitimate URLs. Always double-check URLs to make sure the text is identical to the preview URL displayed when your curser hovers over the link.
In order to protect yourself and your company from phishing emails, it’s important to raise awareness of how phishing happens and how it can be prevented and to educate, monitor, communicate, and incorporate cybersecurity into your daily business life. For help on these matters, the team at Innovative Integration has the knowledge and expertise you need to keep your business and its network safe.