You probably have a couple of phishing emails in your spam folder right now that were easily detected by your spam filter. But while spam filtering can automatically junk unwanted mail, scammers are relentless and will try more effective ways to get you to click on that malicious link.
Phishing scams are on the rise
Phishing is a social engineering tactic that scammers use to trick unsuspecting victims into divulging their sensitive information. To do this, a scammer sends a fraudulent message via email, SMS, or phone call, pretending to be someone from a legitimate government agency, bank, charitable foundation, or other organization.
According to the Anti-Phishing Working Group’s latest Phishing Activity Trends Report, 1,097,811 million phishing attacks were reported in the second quarter of 2022 alone. This shows that phishers are getting much better at pulling off social engineering scams, and if you let your guard down, you might become the next victim.
Phishing email: Signs you should look for
Any business could succumb to a phishing scam, but not if you stay vigilant and watch out for the top seven signs of an email-borne phishing scam.
Poorly written message
Grammatical and/or typographical errors in a message should be your first clue that an email was sent by a scammer. And if that email asks for your personal information, be cautious. A legitimate company — whether it be a bank, internet service provider, hospital, etc. — would never ask you to provide your personal information like your Social Security number or credit or debit card details via email.
Generic greeting
A considerable majority of legitimate companies will address you by name (first name, last name, or both) in their messages. Emails that start with a generic greeting like "Dear cardholder", "Greetings!", or "Dear customer" are likely to be fraudulent and should raise a red flag.
Request to click on a link
Phishers' ultimate goal is to get you to click on a link that takes you to a website where they can carry out their modus operandi. This fake website may look exactly like the real website of a bank, credit card company, or online retailer, but it's only designed to steal your personal information.
So think before you click on any links. Similarly, you should be vigilant when you receive a phone call, an SMS, or a direct message from any social media platform that asks you to click on a link.
Attachments from unknown senders
It's generally best not to open attachments from unknown senders since these might be infected with viruses or malware. If you're expecting an attachment from a legitimate source, make sure that you verify the sender before opening it. If you receive a pop-up alert about the attachment's legitimacy, or if the program requests that you change your settings, don't proceed any further.
Promises of freebies
Everyone loves free stuff. Unfortunately, scammers know this and will often use offers of free products or services to lure people in. Watch out for any emails that promise something for nothing.
Requests that are urgent or threatening
Scammers want your details and they want them ASAP. Thus, they will write messages that urge you to take action right away. They may make you think that your account has been hacked and that your personal details have been compromised. In such cases, it’s best to practice due diligence and take the time to verify the message before taking any action.
Scammers may also try to intimidate you by saying that your account will be closed if you don't take action immediately. They might also threaten legal action or say that you'll be in trouble with the law. Don't let these scare tactics fool you — just delete the email and move on.
Message sent from a public email domain
If you receive an email from any public domain, be cautious, as it's easy for scammers to create fake email accounts and use them to fool unsuspecting targets.
The sender is likely legitimate if the domain name (the part of the address that follows the @ symbol) matches the organization the sender claims to represent. But if it doesn't match, then it is probably a scam. For example, if you receive an email from a sender claiming to be from Microsoft but their email’s domain is Yahoo or Gmail, it's likely a scammer. Junk that email immediately or alert your tech staff or IT partner even if the message appears legitimate.
Note that checking the email address alone is not always enough to spot a phishing email. In some cases, fraudsters will include the name of a reputable organization in their email address. So don’t be fooled by email addresses that read like “email@example.com” or “firstname.lastname@example.org”.
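For IT staff who want to automate the sender checks described above, the following is an added example and not part of the original article. It flags a From: header when the sender uses a public email domain, when the display name claims an organization whose domain does not match, or when the organization's name is merely embedded in the address. The domain lists, function name, and sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed lists for illustration; maintain your own in practice.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["unparseable sender address"]
    warnings = []
    if domain in PUBLIC_DOMAINS:
        warnings.append("public email domain")
    for brand, owned in BRAND_DOMAINS.items():
        # The brand's own domains and their subdomains are accepted as genuine.
        if any(domain == d or domain.endswith("." + d) for d in owned):
            continue
        if brand in display.lower():
            warnings.append(f"display name claims {brand} but domain is {domain}")
        # A brand name in the local part or in a lookalike domain proves nothing.
        if brand in local or brand in domain:
            warnings.append(f"{brand} appears in address but domain is not {brand}'s")
    return warnings

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "Microsoft Support <account-team@gmail.com>",
    "Billing <microsoft.billing@example.net>",
    "Security <alerts@microsoft.com.example.org>",
    "Microsoft <noreply@email.microsoft.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = check_sender(header)
        print(header, "->", result or "no warnings")
```

An empty result only means none of these three checks fired; it does not prove the message is legitimate.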
Protect your business against phishing scams
You can guard your business against scams by being aware of these signs and being cautious about the emails you open and links you click on. Always err on the side of safety and junk any suspicious email you receive. If it promises a deal that's too good to be true, it probably is.
Businesses can protect against phishing by educating staff about what phishing is and what they need to look for to identify a phishing attempt. Employee awareness training goes a long way in ensuring that employees can spot a scam.