Monday, 20 March 2017

(Not Always Obvious) Things to Look Out for to Avoid Phishing Scams

Phishing scams are incredibly common nowadays. Luckily anyone who uses a computer on a daily basis is now very used to ignoring the most obvious types of phishing emails. One of the downsides of peopl

 

Phishing scams are incredibly common nowadays. Luckily anyone who uses a computer on a daily basis is now very used to ignoring the most obvious types of phishing emails with poor spelling or grammar in the content; not to mention that those that are sent out en masse will nearly always be caught by professional spam filters.

One of the downsides of people being warier of phishing scams, however, is that the scammers have become a lot more sophisticated over the years, with them going to great lengths in order to extort money from businesses and individuals.

If part of your job is corresponding on the phone or via email, then you need to be aware of the tell tale signs of a phishing scam so you can avoid falling victim to it.

Some companies now have a blanket policy of disciplining staff who click on phishing emails, and although it's debatable whether this is the best approach, you still want to take any precautions you can in order to avoid being at fault.

With this in mind, below are some typical signs of a phishing scam.

 

1. A Sense of Urgency or Scarcity

One very common tactic that scammers use when trying to extort money from a company is to create a sense of panic or urgency. They might call or email you posing as a senior person in the company, or as a representative of another company that yours does business with, saying that a certain amount of money has to be transferred immediately.

Many companies have fallen victim to this type of phishing scam since it often only relies on one weak link within the organisation for it to be effective.

If it sounds "phishy", it probably is, so check with someone senior or have a cross-check process in place to prevent this.

 

2. False Email Addresses

A very obvious yet also easy-to-miss sign of a phishing email scam is the use of a false or 'spoofed' email address that's very similar to that of somebody within your organisation. For example, a phishing email might come from john.smith@yourcompany.co.uk rather than johnsmith@yourcompany.co.uk. These small differences can be missed quite easily, especially since scammers will often use attention-grabbing email titles to draw your attention away from the email address itself.

If you smell a rat, check the email address display name is correct and if in doubt check the header too.

 

3. Reciprocation

Another common tactic that's used by phishing scammers is reciprocation. In practice, this is usually done by the scammer calling your company and offering to help in some way, usually by saying they're from your IT company or department. Or they may be from your 'bank' or other body... suggesting that there are some computers infected with a virus that hasn't been detected by the anti-virus software that's in place.

They will run you through some checks and after that they will usually ask for something in return, such as testing out a piece of software on the system. Because they have offered something first, people are often unsuspecting or hesitant to refuse, especially if they believe the person to be trustworthy.

 

4. Fake CEO Scam

The 'Fake CEO' or 'Bogus Boss' email phishing scam has cost companies millions over the last few years. The way this scam usually works is that a person, often the accountant or financial controller, will be called by somebody saying that the CEO or MD will be sending an email with instructions for a confident, and often “urgent”, transaction.

Fake CEO scams often happen very quickly and those who perpetrate it will often create a sense of urgency so the person at the company doesn't have time to think and consider that something unusual is going on.

Equally they can be a process that lasts many months to build rapport and trust before going for the kill with the real intention of defrauding you.

A lot of companies are now taking steps with clear processes or escalation for such requests to avoid this type of scam since it can be potentially devastating, especially for smaller companies who cannot afford to lose thousands of pounds.

 

5. Suspect Links in the Email Body

Although many phishing scams that target businesses are now very elaborate, that doesn't mean that old-fashioned phishing techniques aren't used too. There are still many emails that are sent to people within organisations in an attempt to have them log in to bogus but legitimate looking websites in order to obtain sensitive information, password details or to infect your machine.

If you use a professional Email Security Solution with "URL defense" then you will have far greater protection against this type of threat.

If you receive any emails with links in them, you should always be sure they're legitimate before clicking on them; particularly if they're from an email address that you don't recognise.

 

If you're concerned about security in your business, then Grant McGregor offer a range of IT support services for businesses and IT managers. Get in touch on 0131 603 7910 to find out more.

You can also download our FREE 15 Point Security Checklist here.

 

Image source: Pexels