Email is a thing of many, many wonders. It has made the professional world so much simpler, and all the time there are new tools developed for your inbox that are designed to improve things like time-management, collaboration, and, of course, communication. Because of this, professionals from all corners of the business world have been able to accomplish more, in less time.
But that’s not all we should give email credit for.
Your inbox is also responsible for the joyous birth of malicious and targeted emails, otherwise known as phishing. Through these malicious emails, hackers and cyber-criminals can steal data, spread viruses, and infiltrate networks. In the process, they can either take your money, take your secrets, or take your future – or a lovely combination of all three.
And, unfortunately for everyone and anyone who works for a living, phishing attacks have risen more and more with each passing year. Why? Because it’s so very easy to dupe someone into opening a malicious email and then, subsequently, clicking on a corrupt link, downloading a harmful file, or handing over private data to a source with not-so-great intentions. And this is exactly why phishing hasn’t only risen with each passing year but has also become more successful in the process.
But fear not. Phishing can be avoided. You just have to know what it is you need to avoid. So to help you out, here are a few simple ways to detect a traditional phishing attack.
One of the simplest ways to detect a phishing email is to actually read the thing – but carefully. When you detect grammatical errors – misspellings, weird phrasings, incorrect uses of words – this should be a major strike for you, especially if the phrasing is weird. You can forgive a misspelling or two, but if something reads in a strange way, that should be a warning sign.
Phishing attacks usually come with some sense of urgency – that something needs to be done right away or immediately or as soon as possible. In most cases, this urgency won’t make sense or it will look like it’s coming out of left field. If this is the situation, then do your due diligence and confirm the urgency with a reputable source. It can be useful to set up a system that, for example, requires a payment to be approved by more than one manager. However, this won’t always work.
Not too long ago, Mattel was hit by a sophisticated phishing attack. The group who sent the email knew Mattel required a vendor payment to be approved by more than one executive. So, the email was sent to one executive and appeared to come from another executive. The contents of the email were urgent, and since the sender and the receiver make for two approvals, the vendor payment was completed. Mattel sent $2 million to a hacking group simply because this group created a little urgency and did a little research.
If you receive an email that asks you to do something, always look to see who’s sending the email before you make any sort of decision to act on the request. Sometimes a phishing email can be very targeted, indicating that the cyber-criminal has done their homework – much like in the Mattel incident. If they have researched you or your company, then the email might appear to come from a source you actually know – but keep in mind, it will only appear to come from that sender, just as it did in the Mattel incident.
This means you should always attempt to confirm the legitimacy of the email address. This can be extremely easy to do if you just take your time to actually look at the address – it might have a misplaced letter or numbers that were never there before.
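The address check described above can also be done by a script. The following is an added example, not part of the original article: it compares the sender's domain against a list of domains you actually deal with and flags near-misses such as a swapped digit or a misplaced letter. The trusted domains, the sample headers and the function names are all constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains you really correspond with (constructed sample values).
TRUSTED_DOMAINS = {"example.com", "vendor-payments.example"}
# Digits often swapped in for look-alike letters: 0->o, 1->l, 3->e, 5->s.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Classify a raw From: header value; returns (verdict, detail)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", "no parsable address")
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in trusted:
        # The address looks right; this alone does not prove who sent it.
        return ("known", domain)
    for good in sorted(trusted):
        if domain.translate(DIGIT_SWAPS) == good or edit_distance(domain, good) <= 2:
            return ("lookalike", f"{domain} resembles {good}")
    # Display name shows a trusted address while the real one is elsewhere.
    if "@" in display and display.rsplit("@", 1)[1].strip().lower() in trusted:
        return ("display-mismatch", f"shows {display}, sent from {addr}")
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed From: headers, one per verdict.
    for header in ("Jane Doe <jane@example.com>",
                   "Jane Doe <jane@examp1e.com>",
                   "Jane Doe <jane@exmaple.com>",
                   '"jane@example.com" <jane@mail.invalid>',
                   "Newsletter <news@unrelated.test>"):
        print(check_sender(header), "<-", header)
```

A "known" verdict only means the address is spelled correctly; for anything involving money or data, confirm the request with the sender through another channel, as the section on urgency advises.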