How To Recognize Phishing
By: Jenny Grounds - Chief Marketing Officer, Cybercrime Support Network
Scammers will send emails or text messages disguised as a trusted person or company to you and your employees. These are designed to come from your bank, credit card company, social networking site or an online service. If successful, they are able to access your email, bank or other accounts, potentially impacting your finances, identity, or reputation.
Scammers are savvy and often update their tactics, but there are some signs that will help you recognize a phishing email or text message.
Phishing emails and text messages usually attempt to trick you into clicking on a link. They may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem or change to your account or your payment information
- claim there’s a problem with the shipping information or to re/schedule delivery
- say you must confirm your personal information
- include a fake invoice you must pay
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
Here’s an example of a phishing email.
Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.
- The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header.
- The email says your account is on hold because of a billing problem.
- The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
- The email invites you to click on a link to update your payment details.
- The email invites you to contact the “Help Centre” (as spelled in British English) instead of the “Help Center” (as spelled in the U.S.).
If you or an employee clicked on a phishing email, don’t panic!
Follow these steps immediately to take action:
- If the phishing email link is related to an insurance scam, contact your insurance provider’s fraud department immediately.
- Notify your IT or security department and follow their instructions.
- If you entered a password on the phishing link, change the password for that account and any other accounts that use the same password, right away.
- Enable two factor authentication (2FA) on all of your accounts.
- If it’s possible that other employees may have received a similar phishing email, notify all employees of the phishing attack.
- Run a virus scan on all computers and devices connected to your business network.
- Monitor your account activity for suspicious changes or charges. If you see something, contact the company right away.
How To Protect Yourself From Phishing Attacks
Email spam filters do a great job of keeping many phishing emails out of your inbox. But scammers are always trying to outsmart them, so it’s a good idea to add extra layers of protection. Here are four steps you can take today to protect yourself from phishing attacks.
- Turn on any anti-phishing rules or assistance your email provider has.
- Protect your accounts by using multi-factor authentication, such as using a one-time password or pin number through an authenticator app or a text message sent to your phone.
- Educate employees on how to recognize a phishing attack and why it’s important to look out for them.
- Educate your employees on why they should never use their work email addresses for personal reasons (or vice versa!) as this would make it easier for a phishing email like the Netflix one above to slip through your security.
If you do mistakenly click on a phishing email link or provide sensitive information to a potential scammer related to insurance scams, start by contacting your insurance provider’s fraud department, inform them of the incident, and utilize any resources they may provide. Next, go to FightCybercrime.org to find additional resources to report, recover and reinforce your security. Phishing emails can be reported to your email service and forwarded to the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org.
If you want to learn the three golden rules to spot a scam, visit the CSN and Google partnership site, ScamSpotter.org. More information about cybercrime, tips on immediate action steps if you’ve encountered a scam and resources to recover can be found on FightCybercrime.org. Follow CSN on Twitter, Facebook, LinkedIn, and YouTube . For more insight, subscribe to our newsletter, where we provide updates about everything going on within CSN.