The 5 Most Common Email Phishing Scams
No matter how “bomb-proof” we make your network, you and your employees can still invite a hacker in if you click on a link or open an attachment in an e-mail sent by a cyber criminal.
Some spam is obvious, but other messages are VERY cleverly designed to trick the recipient into opening the door. Known as a “phishing” e-mail, this is still the #1 way hackers bypass firewalls, filters and antivirus. It’s critical that you and your employees know how to spot a threatening e-mail.
Here are a few types of e-mail phishing ploys you should be on high alert for:
The Authority E-mail.
The most common phishing e-mails are ones impersonating your bank, Canada Revenue Agency, Autopac or even the boss at your company. The rule of thumb is this: delete ANY e-mail where 1) you don’t personally know the sender, including e-mails from the CRA, Microsoft or your “bank,” and 2) there is some horrible time-sensitive consequence for not acting fast. Remember, important notifications will be sent via old-fashioned snail mail. And you can always call and verify with your boss.
The “Account Verification” E-mail.
Any e-mail that asks you to verify your password, bank information or login credentials, OR to update your account information should be ignored. No legitimate vendor sends e-mails asking for this; they will simply ask you upon logging in to update or verify your information if that’s necessary.
The Typo E-mail.
Another big warning sign is typos. A lot of the time, these phishing e-mails are written by criminal rings whose first language is not English. They don’t have the time, or don’t care, to proofread as a legitimate company would. Therefore, if there are obvious typos or grammar mistakes, delete it.
The “You’ve Won” E-mail.
If you can’t recall entering a contest, you didn’t win. And the last thing you should do is give them any information. If you did enter the contest, they already have your information. This also includes anything that would require a shipping fee for the prize to be sent. 99.9% of the time, these are fake.
The Zip File, PDF Or Invoice Attachment
Unless you specifically KNOW the sender of an e-mail, never, EVER open an attachment. That includes PDFs, zip files, video files and anything referencing an unpaid invoice or file (many hackers use this to get people in accounting departments to open attachments). Always be sure you know what you are downloading before clicking.
Train yourself and your staff to be cautious
- Double-check the e-mail sender by hovering over the “From” name in the address bar.
- Go in through the front door (type the correct business URL yourself) instead of following a link.
- Call the company at its verified phone number, not the one listed in the e-mail.
- When replying to an e-mail from staff, delete the reply-to address and use the one you have on file.
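For whoever runs your mail filtering or helpdesk triage, the sender and reply-to checks above can also be applied to a raw message automatically. The following is an added example, not part of the original article: the sample message, the "on file" directory and the keyword lists are all constructed placeholders you would replace with your own.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all addresses use reserved example domains.
SAMPLE = """\
From: "Your Bank Support" <alerts@bank-secure.example.net>
Reply-To: collect@mailbox.example.org
To: staff@example.com
Subject: URGENT: verify your account within 24 hours
Content-Type: text/plain

Please verify your password immediately or your account will be suspended.
"""

# Hypothetical "on file" directory: display name -> address you already trust.
KNOWN_SENDERS = {"your bank support": "service@bank.example.com"}

# Illustrative keyword lists (assumptions, tune them for your own mail).
PRESSURE_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")
CREDENTIAL_WORDS = ("verify your password", "login credentials", "update your account")

def domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def review(raw):
    """Return the list of warning flags raised by one raw e-mail message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    flags = []
    # A familiar display name on an address that is not the one on file.
    on_file = KNOWN_SENDERS.get(name.strip().lower())
    if on_file and from_addr.lower() != on_file:
        flags.append("display-name-mismatch")
    # Replies would go to a different domain than the apparent sender.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        flags.append("reply-to-differs")
    if any(w in text for w in PRESSURE_WORDS):
        flags.append("time-pressure")
    if any(w in text for w in CREDENTIAL_WORDS):
        flags.append("credential-request")
    return flags

if __name__ == "__main__":
    print(review(SAMPLE))
```

A message that raises no flags is not proven safe; the flags only mark mail that deserves the phone call or front-door check described above.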
In the end
Though some phishing scams are easy to spot due to bad grammar and obscure wording, it is important to remember that hackers are only becoming more sophisticated and well disguised.
Being skeptical of requests for personal information, whether you receive them via email, messenger, text or phone call, is a must. It is also a good idea to stay up-to-date with the latest scam trends so that you will be able to spot any different forms of attack as they emerge.
By remaining cautious and following these tips, you should remain well protected against phishing scams.