It’s a new year but the same challenges exist. As we settle into another lockdown, working from home and dealing with the latest strain of COVID-19, here’s a timely reminder of staying vigilant to phishing emails and other online scams.
Phishing emails are a great way for cyber criminals to commit fraud. They are by far the most common way to attack innocent victims. With the amount of press coverage the cyber world receives, companies and individuals are becoming more educated and savvier when it comes to security.
That said, hackers are forever evolving their strategies and coming up with more sophisticated ways to attack, which means an email scam may be harder to spot. According to one report, phishing attacks increased by 220% last year, all thanks to COVID.
So, what can you do to spot if an email is a scam?
- Do you have an account with the company sending the email? If no, then it’s a tell-tale sign! Even if you think someone may have opened up an account in your name, do not open the email.
- Most people have more than one email address. If you receive an email from a company that you’ve had a connection with in the past but it’s sent to a different email address to the one you subscribed, do not open the email. Delete it!
- Check the email address of the sender – this is sometimes the easiest way hackers fool their victims. How often do you properly take note of the sender’s email address? Companies will almost always include their company name within the email and it would be as simple as XX@vodafone.co.uk or firstname.lastname@example.org rather than including lots of other digits and numbers. If a company email is coming from a public domain such as Gmail or Yahoo, it can also be a red flag so be wary. Be sure the company name is spelt correctly too! It can be easily overlooked.
- If you receive an email that is poorly written with grammatical and spelling errors, there’s a high chance it’s a scam. Human error can occur and emails will contain typos, however, emails that are clearly sent from a non-native English speaker will be more obvious. If you receive one, delete the email.
- Attachments are a good way to disguise cybercrime. If you receive an attachment from an unlikely or unknown source, refrain from opening it. A lot of companies will direct you to their website to access important information or documents to download. Likewise, if the email is just a hyperlink to click on, don’t – there’s every chance it’ll contain a virus or malware.
- Avoid reacting to urgent or high-pressured emails – in doing so, you’re likely to click on a suspicious link. If you’ve missed a payment for example – go to the finance company’s website, rather than clicking on any links contained within the email.
- Reputable businesses will never ask for personal information via email so if you are ever asked for personal information, DO NOT RESPOND!
- More and more emails are being sent with greetings such as Hello friend or Dear Valued Customer. If you receive such an email, avoid engaging in any further correspondence. The emails that matter to you should be addressed using your first name at least.
If you’re in any doubt, it’s always best to contact the company sending the email (but not via email). Contact them either directly through their website or via phone. Chances are they won’t be aware of anything ‘phishy’ until it’s brought to their attention.
- If you receive a phishing email, you can forward it to the Anti-Phishing Working Group at email@example.com.
- If you ever receive a phishing text message, you can forward it to SPAM (7726).
- You can also report a phishing attack to the FTC at ftc.gov/complaint.
Our contracted clients can also contact us for advice, but please don't forward the potential fake email on in case it contains macros that auto activate and run on opening the message.