In our modern world, the use of emails as a primary form of communication has become the norm. But with this comes the risk of increasingly clever cyberattacks that prey upon you and your employees who use email.
Scammers send phishing emails to try to gain access to basic information from users. Once they have this, they may be able to infiltrate your email, I.T. network, bank account, or other accounts. Even the use of spam filters may not be enough to catch every phishing email that tries to sneak into your inbox.
So what can be done to keep your business’s information and accounts safe?
Know what to look for. Phishing emails can be very convincing. They might seem to come from friends, family members, co-workers, authorities, or even use familiar logos to appear similar to companies you trust. But if you look closely, there are generally ways to tell if they are legitimate.
A few things to keep an eye out for:
- Typos and grammatical errors
- Incorrect or mismatched email addresses
- Generic signatures
- “Too good to be true” claims or offers of large rewards
- False invoices
- Fear tactics, such as urgent calls to action, suspicious activity, or failed log-in attempts
- Asking you to confirm or fill in personal information
It’s important to note that legitimate companies generally send email from their own domain, and they won’t ask for sensitive information or send unsolicited attachments. Their links will match legitimate URLs, and they won’t try to trick you into clicking on anything. [1]
Add extra layers of protection. Make sure to look into the use of antivirus software and ensure it is up-to-date. Also, consider the use of multifactor authentication, which requires two or more credentials to log in. If a scammer convinced an employee to fall for a phishing scam, multifactor authentication could help make it more difficult to successfully get into that employee’s accounts.
Back up important data regularly in case the worst were to occur. This is a good practice in general but can be especially helpful to keep your records and documents safe should the originals be compromised.
Report phishing attempts. If you or your employees have successfully identified a potential phishing email, report the message and delete it from the inbox right away. Most email hosts have an option to report spam and block specific email addresses. If you question the validity of an email, take a moment to read it carefully and look up any keywords or identifying notes that could lead you to make an informed decision. And, if you suspect you clicked on a bad link, take action right away by contacting your information security department.
Phishing emails could put you – and your business – in danger. When in doubt, be wary of suspicious emails and don’t take the bait.
[1] Federal Trade Commission Consumer Information. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams#recognize