An Employee Guide to Phishing Emails
We’ve recently seen an increase in “Phishing” email attempts across the board with our clients. While in most cases, your SPAM filter will catch any attempts before they ever hit your inbox, scammers are always working hard to find new ways to get through even the most comprehensive email security programs.
At ABS Information Systems, we know that the ultimate line of defense to make sure our clients aren’t victims of Phishing is the end user. We’ve developed this guide with the purpose of helping our clients become aware of what Phishing emails are, and how to avoid falling victim to them.
What is a Phishing email?
Phishing is an online scam where a cyber-criminal sends an email to someone at a company, asking them to provide sensitive information, make a payment to a fraudulent account, or even a more creative objective, like purchasing gift cards and sending the serial numbers. Many times the scammer will ask the user to click a link within the email, which then directs the user to a fraudulent website waiting to harvest their information or collect a payment, but it can also ask the user to simply respond to the email with the sensitive information in the response.
What does a Phishing email look like?
While many people assume Phishing emails will be easy to spot because they’ll come in the form of generic scams, like fake IRS requests, today’s cyber criminals have become a little savvier. Yes, your generic IRS request or fake PayPal request is still a popular Phishing scam, but nowadays Phishing scams are conducted with much more research. The emails can look like they are coming from a coworker, and they may even have other co-workers cc’d to them. Phishing emails may even have the signature of the sender that they are trying to mimic.
What should you do if you suspect a Phishing email?
The good news is, protecting yourself from being a victim is pretty straightforward. If you get an email that looks suspicious, here are three easy ways to check if the email is real or if it’s a Phishing scam
Contact the sender – if the Phishing attempt is meant to look like it’s from a colleague or boss, simply call that person on the phone, walk over to their desk, or send them an email (outside of the email thread with the Phishing attempt) and ask if they sent you something. If the Phishing attempt appears to have come from a company, contact that company and ask them if they really requested the information.
Double check the “reply-to” or website address – when the Phishing attempt is asking for the sensitive directly as a response to the email, they will have a reply-to address from a domain that is not the actual domain name of the sender. If the email is sending you to a website to collect the information or payment, the domain won’t be the official domain of that company
Ask us – helping with computer issues is exactly what we’re here for. We’d much rather get a call from you asking to double check a suspicious email, than a call saying that your system is locked up from a ransomware attack that came from clicking the link in that email.
Three examples of Phishing emails
Fake invoice Phishing attempt
Fake request from a superior Phishing attempt
Fake “information update” Phishing attempt
It’s Your Move
The important thing to remember about Phishing emails is that it’s always better to double check if you’re unsure. It’s much easier to simply ask the supposed sender if they actually sent it, then to deal with the consequences of being the victim later on. If you have any questions about Phishing emails, get in touch with us today.
Nick Bhasin is the President of ABS Information Systems, a Toronto IT support company that has been helping small businesses finding tangible solutions to their urgent issues since 1974. He’s offering his clients the type of peace-of-mind they weren’t able to get anyplace else. Connect with Nick on LinkedIn.