Is that email you received a phishing scam?

Spotting a phishing scam can be quite difficult. If it were easy to detect, it wouldn’t be a $500-million-a-year industry.

To execute phishing scams, cyber criminals don’t need to create complex scripts or break through firewalls to make their millions; they just need their victims to fall for manipulative emails and counterfeit websites that ask for sensitive information.

Training your staff to recognize a phishing scam is all about watching out for a few telltale signs.

Misleading and mismatched URLs

Suppose you receive an email asking you to click a Gmail link. The scammer tells you the link goes to a Gmail domain, www.gmail.com, but on closer inspection you notice an unfamiliar name in the latter part of the URL. In other words, if you hover over the link and see that it takes you to www.google.xxxzzz.com, you can be sure it’s a scam.

Mismatched URLs are also a good indicator of phishing attempts. In those cases, scammers put a recognizable name such as Gmail, Yahoo, or Microsoft in the body of the email and attach a malicious hyperlink to it. If you’re unsure whether to click the link, hover your mouse over it and check whether the destination matches the name shown.

For example, a Gmail hyperlink should point to www.gmail.com and not to something else. Make sure your employees always hover over the URLs in their emails before clicking them.
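The hover check described in the two scenarios above can be automated for HTML emails. This is an added Python example, not part of the original article: it compares each link's visible text with its real destination, and goes slightly further by flagging any visible hostname that differs from the target. The `BRANDS` map, the warning-code names and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative brand -> legitimate-domain map; extend it for your own mail flow.
BRANDS = {"gmail": ("gmail.com", "google.com"), "google": ("google.com",),
          "yahoo": ("yahoo.com",), "microsoft": ("microsoft.com",)}
HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?", re.I)
# Constructed sample body; only www.google.xxxzzz.com is taken from the article.
SAMPLE = ('<a href="http://www.google.xxxzzz.com/login">www.gmail.com</a> '
          '<a href="https://account-verify.example.net/reset">Microsoft</a> '
          '<a href="https://www.gmail.com/help">Gmail help</a>')

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):  # returns warning codes; an empty set means nothing flagged
    try:
        host = (urlsplit(href.strip()).hostname or "").removeprefix("www.")
    except ValueError:  # malformed URL, no usable host
        host = ""
    flags = set()
    # Visible text that is itself a URL or hostname must match the real destination.
    if (shown := HOSTLIKE.fullmatch(text)) and shown.group(1).lower().removeprefix("www.") != host:
        flags.add("text-url-mismatch")
    for brand, domains in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            continue  # the link really goes to this brand
        if brand in text.lower():
            flags.add("brand-text-mismatch")  # brand named in the text, link goes elsewhere
        if brand in host.split("."):
            flags.add("brand-in-foreign-domain")  # e.g. www.google.xxxzzz.com
    return flags

def scan(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return [(href, text, check_link(href, text)) for href, text in parser.links]
```

`scan(SAMPLE)` returns one `(href, text, flags)` tuple per link; a non-empty flag set is a reason to quarantine the message or route it to IT staff for review.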

Unusual requests

There are certain types of information that banks and other financial institutions will never ask you for via email, including:

  • Online banking passwords and ATM PINs
  • Bank account or credit card numbers
  • Password reset requests with clickable links
  • Requests to transfer funds

If you receive these or any similar requests that appear to come from your bank, call the bank’s official hotline to report them.

Suspicious content

Some phishing scammers take a creative and elaborate approach, as in the case of a recent phishing attack that almost perfectly recreated receipts and flight itineraries to dupe targets into clicking a link that contained malware. Such attacks have an astounding 90% open rate because they’re carefully executed and highly customized to make them believable.

Attackers may also impersonate a bank or a government agency and provide fake warnings about compromised accounts and other dangers. These messages usually ask victims to disclose their personal information in order to remedy the situation.

As with other unusual requests received via email, it’s best to contact the institution the email claims to come from and confirm that it is genuine before providing any information.

Something’s just not right

Cyber security experts did not obtain their professional certifications so they could tell clients to trust their instincts, but sometimes that’s really all it takes. When something about an email just doesn’t seem right, even if it doesn’t contain any of the warning signs we’ve discussed, go with your gut and inform your company’s IT staff right away.

Cyber criminals will continue to expand their arsenal, but businesses have plenty of ways to defend themselves against phishing and other threats. When you combine staff awareness, proactive network security practices, and the expertise of a dependable cyber security partner, your business will remain unharmed by even the most sophisticated phishing scams.

When dealing with clients’ cyber security issues, the experts at Fluid Networks use both their instincts and tried-and-tested security solutions that provide compliant, end-to-end protection for enterprises. There are a myriad of ways cyber criminals will try to compromise your data and just as many ways to combat them. Call us today for advice.