Phishing and spear-phishing emails are an ever-present problem for businesses, and the criminals are only getting better at fooling people. Understanding and being able to spot phishing and spear-phishing emails is a vital part of employee training at Anderson Technologies. But reading about how to spot them and actually spotting them in your inbox are different things.
Worse yet, the phishing websites those email links go to often appear legitimate, right down to having the secure lock icon in the browser. In their 2018 1st Quarter Report, the Anti-Phishing Working Group notes that “more than a third of phishing attacks [reported to them] were hosted on web sites that had HTTPS and SSL certificates.” They attribute this in part to the fact that consumers believe they can trust all HTTPS sites, or at least recognize that a site without encryption asking for personal or financial information is not secure.
It’s vital to know whether an email is legitimate business or a scam hoping to trap you, but how confident are you that you can tell? Take our quiz to see if you can tell the difference between a legitimate email and a fake one.
Hopefully you were an expert phisherman, but if not, it’s not too late to brush up on some basics.
- Know what you’ve ordered and who your vendors are. If you didn’t order anything from the person, don’t trust their emails.
- Always check the sender’s address before clicking on links or attachments, even if it looks like a company you trust.
- Read the email completely before clicking links. Poor grammar or obvious spelling/branding mistakes are key signs of phishing emails.
- If you’re unsure whether an email is really from a company you trust, go to their website manually, not through a link provided in the email. If it’s real, you can look up the information through your account, and if not, you’ve just protected yourself.
- Don’t panic! Urgent calls for action to avoid loss of service or legal action are meant to upset you. Don’t let them. Read everything carefully and verify there’s a problem by using the service mentioned or calling the company using the number on their website, not in the email.
- If all else fails, Google it. These emails are widespread and a quick Google search will most likely bring up a hundred different people receiving the same fraudulent email.
If you’d like a refresher course on e-mail safety, contact Anderson Technologies to schedule an employee cyber security training seminar. Reach us by email at firstname.lastname@example.org or by phone at 314.394.3001.