With inflation and a potential recession looming, it’s a challenging time for individuals and businesses alike. Cybercriminals, on the other hand, are having a field day. Nefarious actors know that amidst the economic uncertainty, SMBs are cutting costs. Many are letting go of staff. This creates vulnerabilities for your business, which makes the upcoming year a perfect time for bad actors to target your organization and your employees with phishing scams. Cybercriminals themselves might be feeling the pinch right now, which can motivate them to launch more attacks and make more money. Not convinced? Just think back to the financial crisis in late 2018—the FBI reported a nearly 25% increase in online crime in 2018 and 2019.
Knowledge is a strong defense to help protect your business. In this spirit, we’re sharing three common phishing characteristics to watch for to avoid falling victim to a scam. Learning to recognize these common traits can help you and your team identify potentially dangerous phishing attempts.
IMMEDIATE ACTION NEEDED! Beware of Urgent Subject Lines
Cybercriminals have learned to exploit human weaknesses. They prey upon our most natural and emotional responses when it comes to email, like responding to and acting upon a sense of fear or urgency. Beware of subject lines with a high sense of urgency. Some of the most popular phishing email subject lines include “Official Data Breach Notification”, “Your Password Expires in 24 Hours”, and “Please Read: Important Revisions to Vacation Policy”. Some phishing emails will warn that your account is in danger of expiration or deletion. A common phishing tactic is to try to get your staff to click on a link to prevent “deactivation” or to “restore access”. And, of course, beware of anything with the word “urgent” in the subject line.
It’s easy to see why scammers play to our emotions: it works. A good rule of thumb is to never click on a link in a suspicious email. Instead, visit the website directly to explore its validity. Or better yet, train your staff to reach out to your technology team before they take any action.
@outloook.com? Watch for Suspicious Domain Names
The whole point of a phishing attempt is to impersonate a legitimate email and trick your staff into engaging with it. Phishing emails look important, and they appear to come from a known and trusted person or business. Take a close look at the domain name of the sender. Often, these will vary slightly from a legitimate business. For example, numbers might be substituted for letters, or recognizable domains might contain a spelling error. These variations are intended to escape your staff’s notice, especially amidst this challenging economic landscape in which people may feel busy and under-resourced and are moving fast to keep up. Also beware of general-market domains like @gmail and @hotmail—most businesses will have their own domain name.
In general, a poorly written email or one that contains grammatical errors should always raise a red flag. We’re all prone to mistakes, but an urgent email from an executive or partner should be error-free and understandable. And did you catch the error above?
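The sender-domain check described in this section can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags sender domains that are a digit-for-letter swap or a one-character misspelling of a trusted domain. The trusted list, the free-mail list, the one-edit threshold and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed lists for this example; replace with the domains your business really uses.
TRUSTED = {"outlook.com", "microsoft.com", "example.com"}
FREE_MAIL = {"gmail.com", "hotmail.com"}
DIGIT_FOLD = str.maketrans("0135", "oles")  # common number-for-letter swaps
MAX_EDITS = 1  # assumption: one inserted, dropped or changed character


def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header):
    """Return (verdict, domain); for a lookalike, domain is the trusted name it imitates."""
    domain = sender_domain(from_header)
    if domain in TRUSTED:
        return ("trusted", domain)
    folded = domain.translate(DIGIT_FOLD)  # undo number-for-letter substitution
    for good in sorted(TRUSTED):
        if edit_distance(folded, good) <= MAX_EDITS:
            return ("lookalike", good)
    if domain in FREE_MAIL:
        return ("free-mail", domain)
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("IT Helpdesk <alerts@outloook.com>", "billing@micr0soft.com",
                   "Ann <ann@outlook.com>", "ceo.office@gmail.com"):
        print(sender, "->", classify(sender))
```

A "lookalike" verdict is a reason to quarantine or escalate the message to your technology team, not proof of fraud; a "free-mail" verdict matters mainly when the display name claims to be an executive or a partner.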
Your Invoice is Now Available: Be Wary of Requests for Money or Information
Our last tip to spot a phishing attempt is the content of the email itself. If the sender is asking for money or sensitive information, use caution. Watch for unexpected or unusual requests for payment or personal details. Remember, cybercriminals employ familiar-looking domains to lull your team into a false sense of security. No legitimate business partner or colleague will ask you for login credentials or financial information in an email. This can be especially dangerous at this time of year—it’s tax time. Watch for emails that refer to a tax refund, warn of an audit, pose as the IRS, or ask for personal details to process your personal or business taxes. If you receive a suspicious email asking for payment or personal information, reach out to your contact directly, preferably in person or over the phone.
As we weather this challenging economy, remember that cybercriminals will be as busy as ever. We hope these tips help you learn to spot phishing attempts. In addition to training your staff on these warning signs, another effective way to prevent phishing is with email security software.
At N8 Solutions, we can help you implement the right tools to protect your operations and your people. Please get in touch with us today to discuss your options. Until then, please keep an eye on that inbox!