Email Phishing: How to Recognize Suspicious Emails
November 2, 2016
By now, almost everyone has heard of “phishing”: the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. It is basically how criminals get you to provide them with information.
The most common method is to “spoof” an email which appears to be from a trusted sender but is actually from a hidden sender. People creating these emails are highly skilled and go to great lengths to construct an email that entices you to “click” or respond.
Sometimes these emails appear to come from within your organization (“spear phishing”) and can even have an almost identical email signature (logo, colors, and contact info).
Examples of this are:
- Emails that appear to come from support, a copier, or the accounting department
- Emails that come from a CEO or CFO for a wire transfer
- Emails that have PDF or Word documents attached that look like invoices or purchase orders
What can we do to protect ourselves?
Here are some ways to identify some of these fraudulent emails:
- Never trust that a link will take you to the website it claims to
For every link in an email (whether using a web browser, Outlook, or other email app), if you hover your mouse over the link, it will show you what the real destination web address is. If the destination does not match the link text or takes you to a fake site, do not click!
- Create a secure method for processing wire transfers
If your organization utilizes wire transfers, make sure there is a company-approved process for using this method. You can add a step where the processor requires a verification code that only your company knows and if the code is not provided, no transfer is issued.
- Double-check attachments before opening
Most importantly, ensure that you have antivirus software running and up to date on your devices and that you keep its subscriptions current. If an attachment sent to your email gives you any hesitation, always call or text the sender to confirm it is legitimate. Always err on the side of caution.
- Lock down which email servers are able to send email from your domain
Ok, so we couldn’t do a blog article about phishing without getting a little nerdy. Work with your email provider to set up proper SPF records. These are records that tell the Internet which email servers are allowed to send emails on behalf of your domain name. On the recipient side, ensure your email servers are configured to check that the email was sent from an approved email server.
Copeland Data has over 35 years of experience helping our clients secure email safety, and we might have a solution that’s right for your business. For more information about how to keep your inbox safe or to translate any of this blog article that you may not understand, please contact us and we will do our best to help.