Fake emails have become more prominent in recent years. They are increasing in occurrence, and the U.S. Department of Justice received 2,453 complaints of ransomware in 2015. According to the same report, those complaints resulted in a total of $1.6 million in losses.
Even with security in place, phishing emails can still get through. The first line of defense against these emails is your employees. They must be able to identify a phishing email in order to keep themselves and your company safe and secure.
What to look for in a fake email
1. The display name is off
A popular tactic of cyber criminals is to spoof the display name of an email. How it works: If a criminal wanted to spoof the hypothetical brand “My Bank,” the email may look something like:
Image Source: Estelle Derouet/https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/
2. Analyze the greeting
Is the email addressed to a vague “Valued Customer”? If so, watch out: legitimate businesses will often use a personal salutation with your first and last name.
3. Mismatched URL (website address)
Oftentimes, the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
4. Email contains poor spelling and grammar
If a message is filled with poor grammar or spelling mistakes, it probably didn’t come from a major corporation’s legal department or a trusted person.
5. Immediate action required
A simple tactic is to warn the recipient that, if action is not taken, an account will be closed or put on hold, or that there has been fraudulent activity that needs their timely response.
Image source: Tim Chiu/https://www.bluecoat.com/security-blog/2013-02-05/phishing-overlooked-mobile-threat
6. Suspicious attachments
It would be highly unusual for a legitimate organization to send you an email with an attachment, unless it’s a document you’ve requested. As always, if you receive an email that looks suspicious, never download the attachment, as it could be malware.
If there is a lack of details about the signer or a lack of contact information, this is usually a sign of a phishing email.
8. Here’s what to do if you get a suspicious email:
If you receive a phishing email you should delete it immediately!
If you open the email, it is best practice to disconnect from the network immediately! Unplug the network cable from the back of the PC.
In both cases you should contact PBS and inform us of the email and whether you opened it, so we can take the correct measures in assisting you.