Phishing emails are nothing new, and unfortunately continue to increase exponentially in volume. They are a serious threat to both companies and individual internet users, as they often result in devastating financial losses.
Phishing emails can be much harder to recognize than many business owners think, as cybercriminals have resorted to increasingly sophisticated phishing strategies. Business email compromise (BEC) scams are more successful than ever, with losses reaching almost $3 billion in 2018.
Here are some common phishing trends that all business owners should know about and tips for educating employees about them:
What are phishing scams?
Phishing emails get their name because the hackers are “fishing” for your personal information. They typically consist of emails that seem harmless but are actually intended to trick users into sharing sensitive information. This can be accomplished by encouraging the user to click on a malicious link or attachment.
Most phishing emails appear legitimate, often by imitating a company’s logo and including opt-out instructions. For this reason, it’s quite common for recipients to be fooled, and even large companies have fallen prey to these scams.
Common phishing trends.
There are many techniques hackers use to launch a phishing attack. A few of the most common ones are:
- Invoice phishing: These emails claim the recipient has an outstanding invoice from a well-known company, bank, or vendor. The email instructs the recipient to click on a link to pay the invoice. But when they click on the link and access the site, the hackers steal their personal information and gain access to their bank accounts.
- The virus or compromised account: In this scam, users receive an email that appears to come from a third-party company, claiming one of their accounts has been compromised. The email instructs the user to log in to reset their password or to download a form, fill in their personal information, and return it. However, legitimate companies would never request your personal information through email in this manner.
- Payment and delivery scam: This tactic involves sending emails from what appears to be a legitimate vendor, asking for a user’s credit card information. They typically claim your payment information needs to be updated before they will deliver your order. Be careful with these emails, especially if you haven’t purchased anything from the vendor.
- Downloads: Download scams send an email instructing recipients to click on a link. These emails often contain hyperlinks that could download a malicious file onto the user’s computer. Never click on an email link unless you are absolutely sure the sender is who they claim to be.
Tips for spotting phishing emails.
Although phishing emails often mimic actual companies and vendors, there are ways to detect them. You should be aware of the following red flags that indicate a possible phishing email:
- The email contains links or URLs that direct you to the wrong website or try to get you to access a third-party site.
- You receive an email from a company requesting sensitive information such as a social security number, bank account information, or credit card numbers.
- You find an unexpected email in your inbox from a person, vendor, or company that you rarely or never deal with.
- The email has obvious errors like typos, poor grammar, or incorrect information.
- The sender's email address is not the genuine one, although it closely resembles the actual email address.
Phishing scams remain a very common type of cybercrime, and can cause major financial losses to individual users and companies. And phishing emails are much more sophisticated these days, making them harder to detect. If you’re a business owner, it’s essential to be aware of phishing techniques and red flags, and to educate your employees on them. By doing so, you can help protect your company from financial losses and other serious consequences.