Our Service Desk has been seeing more and more “is this email safe?” or “help! I clicked on this link…” requests, and the emails that these users are referring to look surprisingly like the real thing. A payment approval from your boss, a congratulatory “You Won!” email from Amazon, or a notification from Dropbox about a new file: these days, cybercriminals are getting more and more sophisticated with their tactics for going after potential victims. Today we explore what a phishing email is, and some things to look out for when reading email.
What is a phishing email?
A phishing email is designed to get a user to go to a website and enter personal information such as usernames, passwords, credit card numbers, Social Security numbers, or bank account numbers, with the goal of exploiting that information for financial gain.
What do these emails look like?
Most of the time they appear to come from a legitimate company (Facebook, Google, a banking site, etc.) asking you to update your information because of a security risk. There is usually a link that takes you to a legitimate-looking site that is really a fake site recording the information you enter.
Example phishing email. Notice the "From" email address and the "mailto"? Not a typical Dropbox email address!
How do I protect myself from these types of emails?
Anytime you see an email asking you to log in or give information, be wary and check for these 5 things:
- Spelling and grammar: Most companies review their emails multiple times before sending them out to their client base and have most likely fixed all spelling and grammar issues. If you see any issues with the spelling or grammar, that could be a red flag.
- Asking for Money: This is always a red flag. Sometimes the email appears to come from a CEO or other executive asking you to wire money to an account you have never heard of. If this happens, always call to confirm that it is an actual request.
- The Government: The government will never contact you via email asking for personal information. This includes the FBI and IRS.
- You Won: Sorry, but you most likely did not win anything or sign up to win something. So an email saying you won something and asking you to fill out a form to receive your prize is most likely not legit. These come in the form of the lottery, gift cards, or free stuff.
- URL mismatch: Make sure to see where the link is actually taking you. It could go to a totally different site, or to a site whose address looks very similar, for example cnm.com instead of cnn.com. You can usually hover over the link and see where it is going before clicking on it. The safest bet is to go directly to the site if you know it (don’t use the link provided). This will confirm whether you need to update any information or not.
  - Some email antispam providers offer what they call “URL defense” to address this. When URL defense is in place, any link in your company email will go through a filter before connecting you to the website. This will block any attempts at accessing a phishing site.
If something looks “fishy,” it is always better to take the extra time to review your email and make sure it is not a phishing attack. Contact your Lloyd team if you have any questions, or if you want to find out about solutions to help protect against these types of attacks.