Human Resources and Technology

How to spot and avoid phishing scams

November 19, 2018

With more and more criminals exploiting the convenience, speed and anonymity of the internet, cybercrime is an ever-growing threat to people all over the world.

There are new scams emerging every day, and it is estimated that by the year 2021, damages from cybercrime will cost the world $6 trillion annually.

Phishing, the fraudulent attempt to obtain private information like usernames, passwords, or credit card information for malicious reasons, is one of the easiest forms of cyberattack for a criminal to carry out. This usually involves a scammer sending someone an email that appears to be from a legitimate company or source and asks the user to provide sensitive data.

It is common knowledge that you should not click on a link or download an attachment from a sketchy email, and yet, there are people who fall for phishing scams every day.

Protect your sensitive information and keep the following tips in mind the next time you get an email that seems a little off:

Know the signs

A few tell-tale signs of a phishing email are:

The message asks for personal information

No matter how official an email message might look, it is a bad sign if it is asking for your banking information, Social Security number or account password.

Poor spelling and grammar

If a real company is sending out an email to many users, it is likely that it would have been reviewed for spelling, grammar and legality. If there is an abundance of grammatical errors, it is likely that the email is from an illegitimate source.

Forged URLs

To check the integrity of an email, hover your mouse over any URLs and see if the hyperlinked address matches what is displayed. A good rule of thumb is to never click on links in emails that seem like they could be a scam.

Verify with the sender

A new trend in phishing scams is something called “spear phishing,” which is an email targeted at a specific individual or department within an organization that appears to be from a trusted source, like your boss or your company’s billing department. These emails typically show a sense of urgency and are asking for confidential information.

When you receive an email that you suspect might be a scam, do not respond in order to verify the sender’s request, as a criminal can easily lie again. The best course of action is to pick up the phone and call the person, or if you work in the same building, walk to their office to ask if they sent you the email.

One employee clicking on a link that contains malware or ransomware can have serious consequences for a business, so take the time to double check with the alleged sender.

Trust your spam filter

While spam filters can sometimes get it wrong and mark a legitimate email as unsafe, they are in place for a reason and are a good first line of defense against phishing emails. If an email lands in your spam filter, that is a good indication that the sender may not be legitimate.

Have a plan in place

If you do fall victim to a phishing scam, contact an IT professional immediately. Cases that involve ransomware, which holds your sensitive information hostage until you pay a fee or wire a criminal money, will need attention from law enforcement. Being proactive and having backups of your data is also very important.

Cybercrime is constantly evolving, so it is important to consult with an IT team that understands the newest trends in online scams, and how to best protect your sensitive information. Use your best judgment and always remember to think twice before clicking on a link in an email that seems suspect.