What is phishing? Definition, characteristics and how it works

Phishing is a type of cyberattack that uses fraudulent methods to obtain important and sensitive information such as usernames, passwords, and credit card details.

Phishing characteristics

Hackers and cybercriminals will always try to find an opening to obtain important personal and company information. One of the most important things you can do as a business owner is protect your data. Recognize phishing attempts early as a preventative measure.

Here are some of the most common indicators of a phishing attempt:

Grammar and spelling mistakes

Email is still one of the most popular channels for phishing attempts. Most emails that come from untrusted sources are not written by professionals. The people spreading these phishing emails don’t hire professional copywriters the way legitimate businesses do, so the emails often contain many spelling and grammatical errors (e.g. capitalization errors, informal language style, incomplete spelling).

Receiving emails at unusual times

If you’re used to receiving work-related emails during normal working hours, but suddenly get an email from your boss after 11pm, it could be an attempt to phish you. The same applies if the email arrives in the middle of a Saturday or Sunday, or at other abnormal hours.

Threatening tone

Another sign that an email is malicious is if it threatens you or makes you feel like you need to act quickly. The email may contain warnings about account suspension or pressure to respond within 24 hours. The message suggests that your security is threatened if you don’t respond immediately.

Suspicious attachments

Phishers often use phishing emails to send attachments. Many people are curious about the contents, so they open the attachment and click on any links or buttons within. The attachment may be a Word document or a .zip file. If opened, the attachment can infect your computer with malware that steals your login credentials. So, if you get an email with a suspicious attachment, don’t click it!

You never initiated the discussion

Phishing attempts are often initiated by scammers or hackers who send emails to random people and hope that someone falls for them. Many emails state that the recipient has won a prize, is eligible if they reply immediately, and will not be eligible if they do not respond. This kind of email is definitely spam and phishing.

Suspicious email addresses, hyperlinks, and domain names

Check if the email address matches the domain name or website of the organization being impersonated. For example, if you receive a message claiming to be from Microsoft, but it uses an email ending in @yahoo.com or @gmail.com, it’s a sure bet that it’s fake and an attempt at phishing. If there is a hyperlink in the email, hover over it to see which URL you will be directed to. If the website you’re directed to is different from the one shown in the email, it’s probably a scam.

Emails with short descriptions

Not all phishing emails are long and detailed. Short emails can trick you into thinking they are legit. These emails are usually to the point, often starting with “this is the information you requested” and then immediately attaching a malware file. These messages may include vague requests for information bundled with attachments titled “additional information” in hopes of luring victims into clicking on them and compromising their computer security.

Colonial Pipeline case becomes the biggest phishing scam of all time

In May 2021, millions of Americans were affected by a cyberattack after fuel supplier Colonial Pipeline was crippled by a ransomware attack. Although ransomware was responsible for most of the damage, attackers were only able to plant the malicious software after gaining access to employee passwords. The most likely way was through phishing emails. The losses suffered by the company amounted to 3.4 billion Euros.
