What is a Phishing Email and how could it impact my business?

– What is a Phishing Email and how could it impact my business?Phishing emails try to steal your money. They use various techniques to try to get valid usernames, passwords, credit card details & more. Often they pose as a legitimate well known company such as UPS, Facebook or Citibank. Sometimes they even pose as someone in your company and gather information or request bank transfers. These fake emails use various methods such as links to infected websites or email spoofing where they pretend to be emailing from another person or company.

Here are 10 tips to look out for:

  1. The message has poor grammar and/or spelling mistakes
    The message from “Faceboook” might be obvious but there are other fake emails which are very professional and have minor grammatical errors. Review the email carefully for both spelling and grammar mistakes.  Large corporations double check the wording very carefully before sending mass emails.
  2. The email asks for personal information
    It is a red flag if the email asks for your credit card number, account number – even your things like your name, address or phone number. Your real bank does not need to ask you what your social security or account number is. If in doubt, you can always call your bank or credit card company and deal with any issues over the phone. If you opt to go to their website instead of calling, do not click on the link in the email- go directly to the website or search google for the website.
  3. The email has a mismatched URL
    One fake email that arrived recently had a name that did not match the URL in the brackets after the name (FROM: Linda.Brown@mit.edu <john@xyz.com>). Or another email was from BMW.org but the car company is BMW.COM. Sometimes you need to mouse over the address to see the hyperlink and not just the name. Look closely at the “FROM” address, both the name and the hyperinked email address.
  4. The email has a misleading domain name
    A company such as Microsoft could email from windows.microsoft.com where the additional information is before the company’s true domain name. However, some of the spam emails add something on the end, such as Microsoft.maliciousdomain.com. Pay attention to the end of the domain when trying to determine if it is a legitimate email.
  5. Offer is too good to be true
    You know the expression, if it looks too good to be true it probably is.  Don’t be tempted to respond to offers of winning a million dollars or some other amazing offer.
  6. Asking to send money to cover expenses
    Often in phishing emails, maybe not the first one but subsequent emails, you will be asked to cover taxes, shipping, or some other fee. This is a sign that it is a scam. Nonsense such as: I have a million dollars but I am in a foreign country and I need assistance from you, such as sending money to unlock the money is definitely a scam. There are scripts on the internet which try to make friends first with fictitious names/situations then when you get to “know” the person they will ask for money.
  7. Unrealistic Threats
    Be careful when the “threat” seems unreasonable. For example if an email pretends that your bank was hacked and you need to send ID in the email or else the bank will close the account and confiscate your money. When you think about it, the bank would not confiscate the money if there was a problem with your account.
  8. Email from a Government Agency ?
    Often the phishing email will pretend to be the FBI or IRS to scare you into paying money or giving up your personal information. The email might say you did something illegal and you need to pay immediately but if there a real problem, you can be sure they won’t simply send an email and demand money or your personal information.
  9. You Didn’t Initiate the Action
    If you receive an email saying you won a contest but you don’t remember entering a contest, this is also a scam. Another example is a problem with your shipment and you didn’t ship anything lately. In fact, fake shipping emails, in particular, have been used to distribute nasty viruses such as Cryptolocker which holds your files for ransom so be wary of emails related to shipping of packages.
  10. Links in Email to Fake Web Pages
    Some fake emails include links to a web page which is also appears to be from a well known company. For example, an email from Citibank saying there is a problem with your account so click on the link to unlock your account. The fake web page is intended to capture your name, account number and other personal information. You should go directly to websites without clicking on the link in the email.

Finally, if you’re ever not sure about an email or web page, contact ASIS at 732-549-6030 and we can help you determine if it is legitimate.