Most people have an email account, which means chances are you have encountered one of the many malicious phishing scams.
Scam emails are constantly evolving with the times and will focus on a relevant topic of the time, such as GDPR. They will put anything in the email to try and get you to click a link or download a file. However, once you know what to look out for, you will never be fooled.
Above is an example of the most basic form of phishing scam. This is a real email we received. It is trying to get the user to click the link, using a large invoice as the lure. Firstly, look at how unofficial the sender's email address looks. Bear in mind, too, that you know nothing about this supposed invoice. It’s better to be safe than sorry and check with the sender before clicking a link.
Most of these types of emails have no information about you, and just try to get you to action something urgent, such as a delivery being stopped, a large bill for something you didn’t buy, or email address verification.
Another thing to look out for is very blatant spelling errors in official-looking emails. There is no thought behind this type of phishing email, and they are sent out randomly to thousands of addresses.
Many people are used to standard phishing spam emails and don’t fall for them. However, spear-phishing is another level and we get many questions about it. Spear-phishing is when somebody has found out some information about you or your business. They then use that to make their fake email seem more legitimate.
In many cases they will pretend to be a member of the company or use a name they have found online. A popular form of spear-phishing at the moment is pretending to be a CEO/manager. They will send emails requesting something to Payroll, HR or less senior employees. These people are more likely to click without asking questions.
If you receive one, question whether the email looks like your company emails, and whether the person would email you.
What to look for
This is a much more targeted scam than standard phishing scams and requires a trained eye to notice issues. If the email you received asks you to click a link or download a file, thoroughly inspect the email address, the link address and the file name.
If something looks a bit off, check with somebody: either the person you thought had sent it, or us.
We had something like this happen with a client very recently, as they got an email where somebody was pretending to be someone who works at the company. Since the employee names and email addresses are in the public domain, scammers try to replicate them and trick people.
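The three things to inspect (email address, link address and file name) can also be checked automatically. The Python sketch below is an added example, not part of the original post; the company domain, staff names, extension list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.co.uk"            # assumption: your real mail domain
STAFF_NAMES = {"jane smith", "sam patel"}   # assumption: names listed on your website
RISKY_EXT = (".exe", ".scr", ".js", ".iso", ".docm", ".xlsm")  # illustrative list
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Hostname of a URL, tolerating link text such as 'www.example.co.uk'."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def inspect_email(raw):
    """Return a list of reasons to double-check this message with its sender."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # 1. Email address: a colleague's name on an address outside the company.
    if name.lower() in STAFF_NAMES and domain != COMPANY_DOMAIN:
        findings.append(f"sender: '{name}' is staff but wrote from @{domain}")
    for part in msg.walk():
        # 2. File name: attachment whose real (last) extension is executable.
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"file: risky attachment type {fname}")
        # 3. Link address: visible text names one site, href opens another.
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(errors="replace")
            for href, text in LINK_RE.findall(html):
                shown = re.sub(r"<[^>]+>", "", text).strip()
                if re.match(r"(https?://|www\.)", shown, re.I) and host(shown) != host(href):
                    findings.append(f"link: shows {host(shown)} but opens {host(href)}")
    return findings

def constructed_sample():
    """Constructed spear-phishing message for the demo (not a real email)."""
    m = EmailMessage()
    m["From"] = "Jane Smith <jane.smith@examp1e-mail.test>"
    m["Subject"] = "Urgent: invoice needs paying today"
    m.set_content('<p>Pay here: <a href="http://portal.invalid/pay">'
                  "https://www.example.co.uk/invoice</a></p>", subtype="html")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="Invoice_2291.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    for finding in inspect_email(constructed_sample()):
        print(finding)
```

An empty result does not prove an email is genuine; a message sent from a real but compromised colleague's account passes all three checks, so still confirm unexpected requests with the sender.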
And moving even further up…
The ‘whaling’ form of phishing is much like spear-phishing, but aimed at high profile, upper management email addresses. They are highly customised and personalised to try and trick the user into thinking the email is trustworthy and legitimate.
These types of emails may focus on the Managing Director, or Executive, or someone they can guess has admin access to several things within the company. The scammers try harder and spend more time preparing this spam email because they know if they can trick the high-level user, they can likely gain access to most internal data in the company due to that user's high security clearance.
These types of emails are an advanced form of spear-phishing but are also rarer as they are not automated. In this situation the scammers will do heavy amounts of research into what this person would open in an email, which makes it essential to educate all staff in what to look for, and to have proper security measures in place.
Contact us today
If you are unsure about an email you have received, we are more than happy to take a look for you.
Worried about your security if a phishing email was clicked on? Head over to our Security And GDPR page for more information.
Call 01212700808 or send the email with a message to firstname.lastname@example.org
If you have found this blog helpful, you may wish to read our previous blog on Business IT Solutions.