Are you sure that the email you received from Amazon is really from Amazon? Cybercriminals often target you and your employees with emails designed to look like they come from legitimate sources. These emails typically contain a link that the sender asks you to click, which sends you to another page where you are asked to confirm personal data and account information.

 

What is phishing?

 

Phishing is a technique that hackers use to con you or your employees into providing personal information or account data. Once hackers obtain your login info, they will create new user credentials or install malware on your machine to begin stealing your critical data. THIS IS SCARY!

Phishing emails these days are sophisticated and look completely legitimate. It has become increasingly difficult to distinguish a fake email from a verified one, but there are key clues to look for when trying to decide. Below are some phishing email examples to help you recognize a malicious email when you receive one. And, trust us, you will receive one.

 

Legitimate companies do NOT request your sensitive information via email

 

If you receive an unsolicited email with a link or attachment that asks you to provide sensitive information, it is most likely a scam. Companies generally do not send you emails requesting passwords, credit card information, credit scores, tax numbers, etc.

 

Legitimate businesses will refer to you by name

 

Phishing emails generally begin with a generic greeting, such as “Dear valued member,” “Dear account holder,” or “Dear customer.” If a company you do business with required information about your account, the email would call you by name and ask that you contact them by phone.

 

BUT some hackers simply avoid the salutation altogether. This is especially common with advertisements. The phishing email below is an excellent example. Everything in it is perfect. So, how would you spot it as potentially malicious?

 

Legit companies have domain emails

 

Do not just check the name of the person sending you the email. Check their email address by hovering your mouse over the ‘from’ address. Make sure no alterations (like additional numbers or letters) have been made. Check out the difference between these two email addresses as an example of altered emails:

michelle@paypal.com
michelle@paypal23.com

Just remember, this is not a foolproof method. Sometimes companies make use of unique or varied domains to send emails, and some smaller companies use third-party email providers.

 

Legit companies know how to spell

 

The easiest way to recognize a scammy email is bad grammar. An email from a legitimate organization should be professionally written. Little known fact: there is a purpose behind bad syntax. Hackers are not stupid. They prey on the uneducated, believing them to be less observant and thus easier targets.

 

Legit companies do not force you to their website

 

Sometimes phishing emails are coded entirely as a hyperlink. Therefore, clicking accidentally or deliberately anywhere in the email will open a fake web page, or download spam onto your computer.

 

Legit companies do not send unsolicited attachments

 

Unsolicited emails that contain attachments reek of hackers. Typically, authentic institutions do not randomly send you emails with attachments but instead direct you to download documents or files on their own website.

 

Like the tips above, this method is not foolproof. Sometimes companies that already have your email will send you information, such as a white paper, that may require a download. In that case, be on the lookout for high-risk attachment file types, including .exe, .scr, and .zip. (When in doubt, contact the company directly using contact information obtained from their actual website.)

 

Legit company links match legitimate URLs

Just because a link says it is going to send you to one place does not mean it is going to. Double-check URLs. If the link in the text is not identical to the URL displayed as the cursor hovers over the link, that is a sure sign you will be taken to a site you do not want to visit. If a hyperlink’s URL does not seem correct or does not match the context of the email, do not trust it. Ensure additional security by hovering your mouse over embedded links (without clicking!) and ensure the link begins with HTTPS://.
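
The sender-domain, attachment and link checks described in the sections above can also be run automatically on incoming mail. The Python below is an added example, not part of the original article; the names TRUSTED, check_email and sample, the trusted-domain list and the login.example.net host are assumptions made for illustration, and the test message is constructed.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com"}              # assumption: domains you expect mail from
RISKY_EXT = (".exe", ".scr", ".zip")  # attachment types the article names

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self, html):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def check_email(msg):
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = ["lookalike sender domain: " + domain for good in TRUSTED  # brand name, wrong domain
                if good.split(".")[0] in domain and domain != good and not domain.endswith("." + good)]
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            findings.append("high-risk attachment: " + part.get_filename())
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(errors="replace")
            for href, text in Links(html).found:
                if not href.lower().startswith("https://"):
                    findings.append("link is not HTTPS: " + href)
                if text.lower().startswith(("http", "www.")) and host(text) != host(href):
                    findings.append("link text shows %s, goes to %s" % (host(text), host(href)))
    return findings

def sample(sender, href, attachment="notes.pdf"):  # constructed message, not a real email
    m = EmailMessage()
    m["From"] = "Michelle <%s>" % sender
    m.set_content('<a href="%s">https://www.paypal.com/signin</a>' % href, subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename=attachment)
    return m
```

Like the manual checks, these are heuristics: an empty result does not prove a message is safe, and a finding is a reason to verify with the company directly rather than proof of fraud.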

 

It does not matter if you have the most secure security system in the world. It takes only one untrained employee to be fooled by a phishing attack and give away the data you have worked so hard to protect. Make sure both you and your employees understand these specific email phishing examples and all the telltale signs of a phishing attempt.