Many phishing emails are easy to spot. Between the terrible grammar and the odd requests for banking information, it’s a no-brainer to mark it as spam and move along. However, scammers have come a long way in recent years and it can be a bit more difficult to differentiate between what’s real and what isn’t.
1. Legitimate companies won’t ask for personal information.
Any email or phone call that asks you for personal information is likely phishing. Once they get your credit card or social security number, you’ve got a one way ticket to identity theft. If you receive an email asking for this sort of information, it’s important to check the email address that sent it. It’ll likely be a slightly-off form of a legitimate business name. If you aren’t sure, go to the company’s website (don’t click any links in the email, more on this later) and contact them via the information available.
2. Dire warnings are meant to scare you into action.
When an email is full of dire warnings and veiled threats, you can safely assume it’s a scam. Real companies won’t email you about sensitive information, or take action against you because you didn’t respond. You’re much more likely to receive a phone call or letter in the mail than an email, especially one that asks for personal information (see above).
3. Strange links aren’t to be trusted.
Be wary of any emails that contain links, especially if it claims to be from a business you frequent but the formatting and graphics are different from the usual emails you receive. They’re likely using a recognizable name to lull you into a false sense of security. If you hover over the links, they’ll likely show a much different url than they claim. You’ll also want to be wary of anything asking you to reset your password by following a link, because you’re likely just telling the scammers exactly what you password is.
If you’ve inadvertently clicked on a link or given sensitive information to someone, it’s important to take action as soon as possible. Change your passwords, call your credit card company or bank, or talk to the IT department if the incident occurred with company property or information. The faster you notify the correct people, the better off you’ll be.
Phishing scams may seems like a small issue, but they can cause serious security breaches and liability. Keeping employees up to date on the most common scams that are currently circulating can help reduce your overall cyber risk, as these things are continuously evolving.