Avoid Phishing Emails

Phishing emails are all about tricking someone into divulging personal, company and/or financial information. The trick is to entice the recipient of the email to click on a link which might ask for a username and password or provide the connection needed for the phisher to download malware onto the recipient’s computer.

Phishing emails often have these common characteristics:

  • Unexpected
  • Express urgency
  • Unfamiliar sender

There is a possibility you too can be fooled. To avoid phishing scams, pay close attention to the email sender’s tone (friendly and casual vs. formal and stilted) and communication style, especially the grammar and spelling of the message. Beware of all links and attachments. A little skepticism can be good!

The emails may be “off” in some way but usually are somewhat plausible. Masquerading as a legitimate source, the criminal poses as a known sender.

Scammers send out official-sounding emails, hoping to gain your trust and lull you into letting your guard down. The emails may impersonate a well-known brand, such as a delivery service or technology company. Phishing emails often pretend to originate from Amazon, Apple, Microsoft, or PayPal. The scam email may include a fake government notice or a fake notification that you have won a contest. To capture your login credentials, phishers design authentic-looking websites, mimicking the sites and logos of official banks and businesses.

Email Account Takeover Example

Phishing emails are the leading attack vector for criminals to gain access to your computer or email account. Executives, bookkeepers and financial managers are often targeted because they have access to a company’s money. Based on their trusted positions inside organizations, their emails convey unstated authority and urgency.

If a vendor, friend or coworker falls for a phishing scam, their identity or email account can be taken over. Commonly known as Email Account Takeover, this fraud combines the attack methods of impersonation, relationship-building and banking. The hacker takes control of a legitimate email account, impersonates the real account holder and starts the scam.

When hackers insert themselves into the middle of a payment between two parties, the impersonation can result in a quick in-and-out cash-in on a large transaction. In a common scam, the criminal gains access to a vendor’s email account and watches the inbox, waiting for a transaction to monetize. The payoff comes when the hacker communicates directly from the vendor’s account.

When this fraud is successful, the hacker socially engineers the email recipient into a false sense of security using an official-looking banking form and an urgent tone. Most wire transfer frauds depend on fast-moving communication in which the email recipient wrongly assumes they are talking with a trusted contact.

You may wonder how the hacker got into the email account in the first place. The account takeover occurs when an email account owner downloads malware by opening an attachment or clicking on a link in a phishing email, or enters their credentials on a fake website.

Each of us plays a critical role in stopping cybercrime. Do your part to become security aware.

Be Proactive with Email Security

  • Don’t click on links in emails without verifying the email sender.
  • Hover (don’t click) over links to reveal their destination.
  • Don’t open attachments.
  • Trust your instincts. If it feels wrong, it probably is. Disengage or proceed with extreme caution.
  • Using a verified contact phone number, call the contact.