We’ve all gotten those emails. They’ll come from a company you’ve done business with, or from someone you know. A boss maybe. The wording is odd sometimes—there are always phrases that seem a little off, like “I’m stuck on a conference”—but the tone is usually urgent. Some action or information is needed. A cell phone number. Or credit card or social security data. Or maybe just clicking a quick link.
They are phishing emails: a scam in which a hacker or cyber-criminal sends their target a message intended to trick the target into revealing sensitive information. They are a common security threat, but with their frequently outlandish requests (who knew there were so many Nigerian princes that need our help?), it’s easy enough to view phishing emails as an irritant at worst and comical at best.
However, cyber scammers have gotten considerably more sophisticated in their methods. It’s no wonder that in May of 2021 there was a 440% increase in phishing attacks.
The truth is, it just takes one mistake—whether that’s a gullible employee or a distracted click on a questionable link—to open your business up to a major security breach. That’s why it’s more important than ever to make sure that you and your employees know some of the common signs of spam emails, so they can send these nefarious missives to the trash bin on sight.
Here are three common signs to look out for:
1. Requests for Sensitive Info
Maybe a package you ordered is stuck in transit somewhere, and your credit card information is needed to expedite shipping. Maybe your account with an online shopping service has been suspended, and you need to answer some security questions to log back in. Or maybe an acquaintance is in a jam, and they need your bank account number to wire the cash they need to get home.
Don’t believe it, and don’t share anything: the most tell-tale sign of a scam email is a request for some sensitive information. Simply put, no legitimate company or organization is going to ask for your social security number, tax info, credit card info, or similarly sensitive information over email, especially not an unsolicited email. Your friends and co-workers don’t need that information either. (Unless your friends and co-workers are, in fact, phishing scammers. In which case, get some new friends!)
Of course, some scammers won’t request info but instead will send a link to click or an attachment to download. Taking either action can lead to your system and network being infected by a virus or ransomware. These types of phishing emails can be tougher to detect, so before you take any kind of action, check for other signs that the email may not be legit.
2. Suspicious Email Addresses
When you open your inbox, you’re used to seeing new messages from friends or co-workers, as well as promotions from favorite companies. But if you click into one of those emails and something seems off, check the email address of the sender. Is it different from what you might expect in some way? Scammers are now able to make it appear as though their messages are coming from your contacts or businesses you trust, but the truth lies in the actual email address and its domain. If it’s from a business, does it have extra numbers? A spelling mistake? Does it seem to have no connection at all to the business it’s purportedly from? Then chances are it’s a scam.
Emails from contacts can be spoofed, too. But you know your friends’ email addresses (or should at least be familiar with them): is this email from a different address than normal? Or if it’s from a co-worker, is the email coming from their typical work email, or is the owner of your company suddenly emailing you from a Hotmail account? If anything seems off, it’s best to proceed with extreme caution.
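The sender checks described above can be automated. The following is an added example, not part of the original article: it parses a From header and flags lookalike domains, brand names that do not match the sending domain, and known contacts writing from an unexpected address. The trusted-domain table, contact list and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: what this mailbox expects to see (assumptions).
TRUSTED_DOMAINS = {"Amazon": "amazon.com", "Example Corp": "example.com"}
KNOWN_CONTACTS = {"pat owner": "pat@example.com"}  # hypothetical co-worker
FREE_MAIL = {"hotmail.com", "gmail.com", "outlook.com", "yahoo.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    for brand, good in TRUSTED_DOMAINS.items():
        if domain == good or domain.endswith("." + good):
            continue  # genuine domain or one of its subdomains
        if 0 < edit_distance(domain, good) <= 2:
            # Extra digit, swapped letter or small misspelling.
            warnings.append(f"lookalike of {good}: {domain}")
        elif brand.lower() in name.lower():
            # Display name claims the brand; the domain has no connection.
            warnings.append(f"display name says {brand} but domain is {domain}")
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        kind = "free webmail" if domain in FREE_MAIL else "unfamiliar"
        warnings.append(f"{name} normally writes from {expected}, not this {kind} address")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed From: headers
        '"Amazon" <shipping@amazan.com>',
        '"Amazon Support" <help@secure-pay123.net>',
        '"Pat Owner" <pat.owner@hotmail.com>',
        '"Amazon" <orders@amazon.com>',
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no warnings")
```

A clean result only means the visible address looks right; the From header itself can be forged, so treat this as one signal alongside the other signs.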
3. Awkward Language and Spelling Errors
We know that writing can be tough (not everyone can write IT company blogs, cough cough), but when you see an email with numerous spelling mistakes, missing words, and odd phrases, it’s fair to assume that something might be awry. Though scammers are getting better at writing convincing emails (or utilizing increasingly sophisticated AIs), phishing emails are typically full of obvious errors.
After all, a major corporation will likely ensure that its email correspondence is clean and typo-free. And while your acquaintances or co-workers may not have the luxury of copy editors checking their work, if their email is filled with phrases or language they don’t typically use, you can rightly suspect it may not be their words.
Get Extra Phishing Protection from BITS
It’s true that some of these signs may seem obvious. But with the amount of correspondence we tend to get each day, it’s easy to let your guard down and click a link or download an attachment from a scammer. It can, and does, happen.
One thing that can help is a service called KnowBe4. It can send out emails designed to resemble standard phishing scams, meant to tempt employees to click. If they do, they can receive training from KnowBe4’s experts to help them recognize scams.
Even with that extra layer of protection though, the worst can occur. Fortunately, even if it does, you don’t have to be on your own. With cybersecurity from Beacon IT Services (BITS), you’ll have safeguards and firewalls set up to prevent scammers from causing too much damage. In addition, our data recovery services can help get you back on your feet after an attack with minimal downtime for your business.
Contact us today to get started on securing your network. After all, you never know what’s lurking in your email inbox.
(Oh look! An email from Amazan.com. My package shipped but they need me to click a link to confirm my address… oh, wait a minute… something’s not right here…)