Phishing scams are rising year on year. In 2021, over one in three Canadians were targeted by a phishing attack. Given the notoriety of these scams, it’s vital that individuals learn the signs to recognize these scams so they don’t fall victim.
What is Phishing?
Phishing is a form of cyber attack in which a cybercriminal tricks an individual into sharing sensitive information or downloading malware onto their device. These attacks take many forms; they can be conducted via text, phone, email or even social media – although the most prevalent form of scam is undeniably email.
Phishing emails are particularly effective because hackers can send out mass campaigns, reaching millions of users with a single scam. While some phishing emails go straight to victims’ junk boxes, well-crafted emails will bypass email filtering tools and land directly in people’s inboxes, hiding among other legitimate communications.
Unfortunately, it’s not always easy to spot these scams unless you know what to look for. Often, cybercriminals will pose as authoritative, legitimate brands such as Microsoft or Zoom, which makes it far more likely that potential victims will click on the email and follow the instructions inside.
Am I Vulnerable to Phishing?
You might think that your business is too small to become embroiled in a phishing attack, but this isn’t the case. As we’ve already noted, mass scams do not discriminate based on a business’ size or sector. Attackers cast the net as far and wide as they can in the hope that someone – or at least a few people – will fall for the bait.
Then, there’s also the risk of spear phishing attacks. In these incidents, a hacker will craft a targeted attack against your company, doing prior research and gaining as much information as possible to then craft an eerily realistic, personalized email to one of your employees. Even though the email is fraudulent, it will appear completely legitimate and persuasive.
There has been an unprecedented increase in spear phishing attacks driven by criminals who have prior knowledge of, or access to, another compromised system. If a criminal can gain access to the email account of one business, they can sift through the messages to learn who that person regularly communicates with and how they write, and can even set up special forwarding rules to keep any fraudulent communications hidden from the account holder. This kind of access has been used more frequently to extract funds by EFT, wire transfer, or some other form of online payment that looks legitimate to the target but is actually fraudulent.
Even if a phishing message lands in your inbox, that doesn’t mean the attack is successful. Phishing only works if you follow the instructions within the email. The good news is that, generally speaking, phishing emails have a few characteristics in common that you can look out for. These are:
They are Authoritative
Hackers tend to pose as trusted or well-known bodies, such as banks, hospitals, government departments or big tech brands. This is because people are more likely to trust representatives in authority and do what they say – even if the request seems unusual. They will try to make the email look legitimate by using forged signatures and look-alike domains.
They invoke Urgency
Criminals know that when people have time to think and analyse, they can see through the scam, so they create a false sense of urgency to elicit the desired action from their target. They want their victims to act as soon as they receive the email, without thinking too much about the request. The email may say you need to act within an hour or a day, or you could receive a fine or have information released publicly, or it may use some other method of pushing you toward the desired action.
They prey on our Emotions
To add to a sense of urgency, attackers will often use emotive language in their emails, hoping to create panic or fear in the victim, which in turn compels them to act. They know that most people are not familiar enough with technology to quickly spot a fake email, so they design their emails to tug on the heartstrings. They also know that people make decisions based largely on emotions, and fear is a particularly strong motivator, so many phishing emails focus on a negative outcome that can be avoided with a certain action from the targeted victim.
Some are Too good to be true
Another tactic malicious actors use is to offer an opportunity that sounds too good to be true, like money or free concert tickets out of the blue. We’ve all seen emails promising untold riches from a long-lost family member – the reason these kinds of emails still get sent is that some people fall for them, sending money in hopes of receiving even more in return.
Spelling errors, poor grammar and unusual email addresses
Often, phishing emails will come from a supposedly trusted source – but you’ll notice there are spelling errors in the message, or that it comes from an email address you haven’t heard from before. Large, professional organizations pay attention to the little details. They are unlikely to have simple errors in their emails and will be particularly attentive to company-branded content such as an email signature or logo.
How To Check If An Email Is Genuine
As phishing emails become more persuasive, it can be tricky to tell if a message is real or not – even with the above tips in mind. To help identify a fraudulent email, we recommend using the SLAM method, which stands for Sender, Links, Attachment, Message.
If you feel suspicious about an email you’ve received, contact the organization responsible for the message directly to verify. But don’t use the email address or phone number associated with the text or message. Instead, type in the organization’s website on Google and use the contact details from there.
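The four SLAM checks can also be run automatically over a message as a first-pass triage. The Python sketch below is an added example, not part of the original article: what each letter tests, the brand list, the file-type list, the wording patterns and the names `slam_check` and `make_email` are all assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative assumptions, not from the article: brand domains, file types, wording.
KNOWN_BRANDS = {"microsoft": "microsoft.com", "zoom": "zoom.us"}
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".html", ".docm")
URGENT = re.compile(r"\b(within (an?|\d+) (hour|day)s?|immediately|urgent|suspended)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
def same_org(host, real):  # host is the real domain or a subdomain of it
    return host == real or host.endswith("." + real)

def slam_check(raw):
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Sender: display name claims a brand, but the address is on another domain.
    name, addr = parseaddr(str(msg["From"] or ""))
    sender = addr.rpartition("@")[2].lower()
    for brand, real in KNOWN_BRANDS.items():
        if brand in name.lower() and not same_org(sender, real):
            findings.append(f"Sender: name says {brand}, address is @{sender}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # Links: visible text shows one domain, the href goes to another.
    for href, label in ANCHOR.findall(text):
        shown = re.search(r"[\w-]+(\.[\w-]+)+", label)
        host = (urlparse(href).hostname or "").lower()
        if shown and not same_org(host, shown.group(0).lower().removeprefix("www.")):
            findings.append(f"Links: text shows {shown.group(0)}, goes to {host}")
    # Attachment: file types rarely needed in routine business mail.
    findings += [f"Attachment: {p.get_filename()}" for p in msg.iter_attachments()
                 if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
    # Message: wording that pushes the reader to act before thinking.
    if (hit := URGENT.search(text)):
        findings.append(f"Message: pressure wording '{hit.group(0)}'")
    return findings

def make_email(sender, html, attachment=None):  # builds a constructed sample, not real mail
    m = EmailMessage()
    m["From"] = sender
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment("constructed", filename=attachment)
    return m.as_string()
PHISH = make_email('"Microsoft Support" <help@micr0soft-help.example>',
    '<p>Account suspended. Act within 1 hour: '
    '<a href="https://login.micr0soft-help.example/verify">www.microsoft.com</a></p>', "invoice.html")
```

Calling `slam_check(PHISH)` returns one finding per SLAM letter. A clean result only means none of these simple rules fired, so verifying with the organization directly still applies.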
Layer Your Defenses
While educating your staff about phishing is a proven way to reduce the likelihood of a scam being successful, you can’t rely on yourself or your employees alone to beat this threat. In the busy workplace, it takes just one error or quick misjudgment to fall victim to a phishing scam.
To that end, you need to widen your defenses with technical measures. This will reduce the number of phishing emails that land in your employees’ inboxes, as well as help you detect phishing attacks and tackle them before they have an impact.
Get Help Combating Phishing Attacks
As phishing attacks become more sophisticated, it’s crucial to have robust security measures in place. Our team can provide the training and software you need to stay safe. Contact us today to learn more.