Hack the Hack: How to Identify an Email Phishing Scam
:: By Alex Weinbaum, MioDatos ::
It's 7 a.m., and you’re one of the first people in the office.
As you fire up the computer and wait for your coffee to cool, you know it’s going to be a good day. The birds are chirping, your priorities are in check, and you’re eager to get to work.
You log into your email first, as you usually do, and see a string of unread messages.
As you scroll through your inbox, you subtly hum to yourself, “No, not important. Not important. I’ll reply to her later. Later, later. Junk, junk, junk...”
The usual mixed bag of urgent and meaningless messages.
But just before you exit from your email, one particular message catches your eye.
It’s an email from Venmo, informing you that your account has been hacked and their team is “diligently working” to take care of the problem. However, in order for Venmo to take necessary action, you will need to reenter your password and debit card information. Annoyed, but without hesitation, you comply with their demand.
No problem, right?
Wrong. You’ve just given a criminal all the information needed to wipe out your entire bank account. And suddenly, a day that started out nearly perfect has become a living, waking nightmare.
The Threat Grows within the Business World
Every second, email phishing scams like this occur within the walls of a business.
Cyber-criminals are more sophisticated than ever, deploying manipulative, cleverly and deviously crafted messages targeted at business personnel that send shockwaves of reputational, personal and financial damage.
At times, the damage from an email phishing scam is irreversible.
The line between a legitimate email and a phishing scam is becoming fainter by the day. Management must educate its employees, and help them to become cognizant of and perceptive to this ever-evolving threat.
By enlightening your employees on how to identify phishing scams, you protect not only your business, but the safety and wellbeing of your staff.
Following are four things you should discuss with your team regarding what an email phishing scam might look like:
Hackers are not editors
Sure, cyber-criminals may be shrewdly skilled in their ploy, but they are not [usually] professional writers or editors. Grammatically incorrect copy within the text or subject line may be the most obvious indication of a phishing scam.
Reading emails slowly and carefully may seem a bit illogical, but it is imperative to avoid falling victim to virtual delinquents.
Identifying grammar mistakes isn’t something that is always blatantly noticeable. Sometimes it may be as trivial as: “to” instead of “too,” “affect” instead of “effect,” or “whom” instead of “who.”
The point is, professional or business-oriented emails are usually written by email marketers who are trained to write persuasively and properly; misspelled words or poor sentence structure aren’t likely to come from a person at an [actual] company.
Urges you to Take Immediate Action
Oftentimes, one of the easiest and most effective methods in a successful phishing scam is to create urgency.
It’s essentially “Black Market Email Marketing 101.”
Whether the email states you have 24 hours to “claim your prize,” instructs you to reenter your ID and password because an unauthorized user has accessed your account, or requires you to pay a sum of money in order to access your personal data [i.e., ransomware]—a genuine email will most likely never threaten its recipient.
Phishing scammers will use fear and intimidation against you to not only garner your attention, but to force you to act.
If you are unsure of an email’s context, don’t make any hasty decisions. Instead:
• Call the company directly and speak with a representative
• Open up a new window and try to log into your account
• Look at the signature and see if the sender’s contact info is detailed and authentic
• Don’t click on any links or attachments, or give up personal information
Looking for Love in all the Wrong [Digital] Places
Like they say in marketing, “sex sells” right?
Well, no one understands this concept better than email scammers, who mischievously deploy love-laced memos to exploit people’s curiosities, fantasies, loneliness and yearning desire to find love.
It’s cruel, it’s manipulative, and it works.
These cyber-criminals want you to “click on a link” to access photos or enter a live chatroom, when in reality, they are looking to unleash a hellfire of malware or obtain personal/financial information.
Exploiting the Gray Areas of your Productivity
You and your team are busy.
Although a busy office is a good sign of a productive work environment, phishing scammers will try and use it to their advantage. That’s because cyber-criminals will strategize their approach based off of your [in]ability to recollect things you’ve done in the past.
It’s virtually impossible to remember each thing you signed up for, every account you created and each email you replied to. Phishing scammers know this, and will do everything in their power to reel you into their virtual booby-trap.
Here are some [poor memory] email themes phishing scammers will use:
• “Tell us about your experience with our service/product”
• “Your account has been approved. Get started now”
• “Congratulations! Your essay won the contest…”
• “Thank you for your donation. Click here to stay in touch with other donors”
• “We miss you! Try our services again for free”
• “Your trial is almost up, click here to extend your trial”
Things You Can Do to Stop a Phishing Scammer
• Hover over the link
  o Without clicking, hover over the hyperlinked URL to ensure the web address it leads to isn’t different from the one shown.
• Be wary of attachments
  o Unless it is a document, video, PDF, spreadsheet, PowerPoint, etc., that you requested, never download or open unfamiliar attachments.
  o Don’t allow someone else in your office to be hacked. Alert your team, and the email service provider the malicious message was sent through.
• Adjust email settings
  o Customize how junk mail is sent to you so you don’t mistakenly open malicious email.
• Security Software
  o Don’t put your business at risk. Hiring an IT professional to install antivirus protection is imperative to your safety and that of your employees.
Take a look below at what an email phishing scam might look like:
About the Author
Alex Weinbaum is the content marketing specialist at MioDatos, the global leading provider in Synchronized Channel Marketing services. MioDatos provides businesses with a robust, automated platform for creating, scheduling and distributing co-branded digital marketing material for channel partners.