Are you familiar with phishing?, If not you need to
Email phishing is a hot topic right now and has been rising for several years now. These emails are designed to fool you into clicking a link and have you enter your personal data or download malware. These scams have become so convincing that they have nearly a 30% success rate! That might not seem like a high number, but it affects 85% of all businesses.
At Cook Martin, we strive to help our clients avoid a wide variety of issues, including phishing attacks.
How Does Phishing Work?
Let’s look at how phishing scams operate. You receive an email from what appears to be a reputable source like ShareFile, QuickBooks, Microsoft, Apple, Yahoo, Google, Amazon or UPS.
You may receive an email from someone you know telling you to view a document in ShareFile or Dropbox. There are many iterations of this scam, and they can look very convincing.
The email will usually ask you to click on a link to download documents or change your password. Once you click on the link malware begins downloading to your computer, or a pop-up asks you for login information like usernames or passwords.
How to Guard Against a Phishing Attack
The best defense against phishing attacks is to become familiar with what you are up against. Here are some ways to help you spot a threat:
- Check the sender’s actual email address – not the name that shows up as the sender. You can do this by clicking reply and see what comes up. It should have the company name of the sender in the email address like johndoe@companyname. If it doesn’t contain the name – it is a scam and can be harmful. If it does contain the company name in the address that does not necessarily mean it is legitimate as scammers can spoof address.
- Read the contents of the email. Scammers are vague and generic. They put very little information in their emails, hoping you will click on the link to get more info. They will also create a sense of urgency by making you feel like you need to respond quickly. They often are not written well and will have poor grammar or misspelled words.
- Inspect the link. Scammers are good at creating links that look legitimate. For example, in ShareFile, the company name should be at the front of the address. Like cookmartin.sharefile.com is a legitimate ShareFile login address; however, Sharefile.company.com is not.
- Were you expecting this email? Is this how this company or person usually corresponds with me?
- Most emails are not encrypted, so companies would not ask for sensitive data like passwords through email.
- If you are not 100% sure then don’t risk it and don’t click on the link.
- If you suspect it is real, close the email, open a different browser, and log in to your account with the sender (if you have one). If Amazon, ShareFile, Dropbox, UPS, etc. really need you to act, there will be a direct message there in your account information in addition to any email they may have sent you.
You can be more successful at avoiding a Phishing attack by following these steps. If you have any questions or require additional information, please contact us at Cook Martin Poulson, P.C.