Phishing scams — emails designed to induce people to reveal personal information — are becoming increasingly common and dangerous. As technology evolves, scammers are capable of creating more targeted and sophisticated attacks. Accounting Web recently reported that hackers are now even utilizing artificial intelligence to make their frauds seem more believable. With increased risks comes the need for greater prevention efforts. Follow these tips to keep you and your company safe:
Consider the source.
Who is the sender? Is it someone you recognize and have been in contact with before? If not, you’ll want to proceed with caution. Check the “to” and “from” addresses. If the message is addressed to a large number of recipients you don’t know or if you can’t see the recipients, the email is likely a phishing attempt. If the email says it is from your address, it’s not legitimate.
Be sure to read the sender’s email carefully. You might think the email looks real, but there are small giveaways that reveal scamming attempts. University-affiliated emails, for example, end in .edu, not .com.
Examine links carefully before clicking.
You should never click a link before verifying it. Hover the cursor over the link — without clicking — and check the destination website in the lower left corner of the screen. Pay careful attention to spelling. Hackers can leave out a letter or two in an address to fool you and direct you to a fake site. If a website says it’s taking you to nytime.com, pull up the New York Times website in a different browser and make sure the web addresses match up. If they don’t, don’t click.
This rule also applies to links that say things such as “Unsubscribe” or “Remove me from this list.” Don’t click these unless you know for sure the email is not a phishing attempt — clicking these links can install malware on your device. If the email didn’t pass the source check, don’t follow the links.
Evaluate the email’s content.
Three main factors can give away a phishing attempt:
- Typos and misspellings throughout the message. If the email is coming from a professional source, it should look professional.
- Promises of making money with minimal effort. If it sounds too good to be true, it probably is.
- Requests for money or personal information. You shouldn’t have to hand over money before starting a transaction, such as paying a processing fee, and professional companies will never ask for personal information such as account numbers, passwords, addresses and more over email. If you’re being asked for money or personal information, call the company to ask about the email. They can verify its validity.
Be careful with attachments.
Like links, attachments in emails can contain dangerous viruses and malware for your device. Don’t open attachments that arrive in uncommon formats, such as .pif or .scr, and never open attachments without first examining the source. If you know the sender, confirm that they sent the email and attachment before opening. If you don’t know the sender, thoroughly examine the email and source before opening an attachment.
The best rule of thumb: If something looks off, it probably is. When in doubt, don’t click, open or respond.
While these tips will help keep employees from clicking on dangerous links, the best way to prevent a breach is by having a cybersecurity plan in place and regularly updated. MDL Technology offers dedicated monitoring and support for your cybersecurity needs. Learn more about our services on our website.