Are you sure that email from FedEx is actually from FedEx?
A major problem for small businesses is recognizing phishing emails. Oftentimes, hackers trick employees into clicking malware infected zip files and malicious links in emails that redirect to fake landing pages. This type of cybercrime involving sending fraudulent emails that appear to come from a reputable company with the aim to steal financial and confidential information is known as phishing — and it’s a real threat.
Phishing Email Threats
According to a 2018 Data Breach Investigations Report by Verizon, almost half of malware (49 percent) is installed via email. This is because a large percent of people in the workplace cannot identify a phishing email. Since people cannot identify phishing emails, simple errors generate a significant percentage of data breaches, reports Verizon.
“Ignore the stereotype of sophisticated cybercriminals targeting billion-dollar businesses,” Verizon writes in its report. “Most attacks are opportunistic and target not the wealthy or famous, but the unprepared.”
If you and your employees don’t know how to identify a phishing email, your business is at risk. Everyone needs to know how to spot a phishing email and play their part in avoiding the threat.
How to Spot a Phishing Email
Some of the most common ways to spot a phishing email include:
- Fake email addresses: Phishing emails use fake email addresses that imitate a known brand, such as PeyPal@info.com or ApplePaySupport@fasteb.com.
- Impersonal messages: Phishing emails don’t address you by your name. Instead, they use general addresses like “Dear Apple User.”
- Fear tactics: Phishing emails use scare tactics like threats to close accounts to create a sense of urgency and cause you to make hasty or impulsive decisions that can prove disastrous.
If you click on a link in an email (or on a website) taking you to a landing page, inspect the page to see if it is a genuine landing page or a fake one.
How to Spot a Fake Landing Page
Some of the things to look out for to determine if a landing page is fake include:
- Incorrect website address: Fake landing pages attempt to mimic the web address of a legitimate company, but errors such as misspellings and unsecure connections denote a phishing scam.
- Missing navigation and footer: Fake landing pages are often bare-bones, sometimes missing both the header and footer in the web page.
- Information collection: Fake landing pages will almost always include some type of information collection form that deviates slightly from the company’s legitimate landing page.
If you are not sure a landing page or email belongs to a legitimate company, don’t click links, confirm your personal data or download file attachments from it.
More Tips to Recognize Phishing Scams – Infographic
Varonis Systems, Inc., which provides solutions to protect data from insider threats and cyberattacks, offers additional tips to recognize phishing scams. Check out the infographic they created below for more ways to identify a phishing email and things to look out for in a fake landing page: