Fake email campaigns that seek to steal information, extort money, or infiltrate your computer with malware, viruses, or trojans, are referred to as phishing scams or spoof emails. It is as if the sender of these emails are fishing for personal information or funds. If you have an email account, you have most likely seen a phishing attempt. According to Phishing.org, the word is spelled with a “ph” because it dates back to when hackers used phone lines and were referred to as phone freaks, or phreaks. The term carried over to more up-to-date technology, becoming a common means of communication.
A single click of a link found in an email can the beginning to a nightmare. To avoid being scammed personally or having your entire small business network compromised, you will want to know how to recognize potential phishing scams and what to do if you spot one.
False claims or offers and requests for information or funds
Phishing emails are designed to gather information about people by tricking them into entering passwords onto web pages that look authentic. The goal is to be able to extort money or download intrusive software onto your computer or phone. Obvious phishing attempts, such as the rich Nigerian prince scam where he wants to send you money, may be easy to spot, but what about the email that looks like it came from someone you know and trust? These spoofers will go to great lengths to make the email or the links and web pages look trustworthy. This means even masquerading as a trusted friend, store, or financial institution. View all incoming email as a potential threat unless you are certain of its origins.
Mismatched URLs and attachments
To be successful at phishing, the sender works hard to trick you into thinking the scam is legit. One telltale sign that an email is phony is when you can see that the URL address does not match the website. These mismatched website addresses are evident throughout the email. Never click on a link directly from a suspicious email. Without clicking your mouse, hover over the suspected web address to see the URL, and then investigate it. The address may not be for the the official website of the company that appears in the email. Never open an attachment from an unverified source, as it may cause serious damage to your computer or launch a program taking your email address in an effort to use to fool someone else into thinking the phishing email came from you.
Typos and grammatical errors
Legitimate organizations take great pride in their marketing campaigns and pay close attention to details, so if the email is really from a trusted source, it will most likely be proofread for grammatical errors before launching it to thousands of customers. This is especially true of their logo or company’s slogans. Phishing attempts on the other hand, often come from foreign countries with typists who are not fluent in your language. Look closely at the subject line and the contents of the message. Phishing scams will contain subtle typos or grammatical errors, and sometimes even obvious ones.
Use common sense
One of the most important ways to head off a phishing attempt before it takes hold is to use common sense. Think before you click and you may avoid becoming the next victim of a phishing attempt. If an offer sounds too good to be true, it probably is.
There is no fail-proof method that will stop all phishing attempts in their tracks, but you can prevent several by making sure you have an updated antivirus program as well as spam filters in place on your email server. Treat all email communications with caution, especially if it contains an attachment or a link. When you spot a questionable email that has all of the earmarks of a phishing attempt, don’t open it. According to the Federal Trade Commission (FTC), you should report it. If you have been tricked by a phishing attempt, file a report with FTC.
This article was written by Tere Scott for Small Business Pulse