You can spend countless dollars on sophisticated anti-malware & firewall systems, but the weakest link will always be the human mind. It’s much easier to trick a human into revealing information than to force a computer system into doing it. With that in mind, our topic for today’s blog post deals with training employees to spot and prevent email scams. For other great articles about this topic, check out Don’t Get Phished and Don’t Fall for It! How To Tell If An Email Is A Scam.
Double Check The Email Address
This is often one of the most obvious signs of an attacker trying to phish your information. The sender can look deceptively similar to a site that you likely already use. They will use something like Apple Customer Support as the display name, but if you double check the email address, it’s “applecustservice12345@gmail.com” or something to that effect. These emails will often prompt action to get your information, either directly or indirectly (having you visit a fake website, etc.).
Think About The Email Content
When something seems too good to be true, such as the foreign prince trying to send you $1.06M USD, it probably is. If your gut feeling is that this is a scam, it probably is. If there is a sense of urgency in the request, they may be trying to get a knee-jerk reaction without you really thinking about it. A scam I was targeted with a few years ago was a scammer posing as a DEA Agent who rattled off a badge number, saying that they had a warrant out for my arrest. His threat was that if I didn’t send $1500 in Visa gift cards or Western Union, I would be arrested. This particular scam is designed to cause a panic and take advantage of someone while they aren’t thinking logically.
Look At The Link
ALWAYS pay attention to the link. A lot of scammers use domain names that are similar to the resource they are trying to impersonate in hopes that you aren’t paying attention and will assume the site is legitimate. They will often completely duplicate vital pages on a website, such as the checkout or credit card update screen. For instance, they may register a domain similar to a utility company and duplicate the website with a fake “Pay Your Bill” page.
If you think there’s a remote possibility that there might actually be an issue with the account in question, DON’T click the email or text message link. Instead, use a new browser session and navigate directly to the page using the official URL.
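The two checks above (display name versus actual sender address, and lookalike link domains) can also be automated in a mail filter or a training exercise. The following is an added example, not code from the original post; the allow-list, the "examplepower" utility, and the sample URLs are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list (assumption): brand keyword -> domains it really uses.
TRUSTED = {
    "apple": {"apple.com"},
    "examplepower": {"examplepower.example"},  # hypothetical utility company
}

def base_domain(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_sender(from_header):
    """Return a warning if the display name claims a brand the address does not belong to."""
    name, addr = parseaddr(from_header)
    domain = base_domain(addr.rpartition("@")[2])
    claimed = name.lower().replace(" ", "")
    for brand, domains in TRUSTED.items():
        if brand in claimed and domain not in domains:
            return f"display name claims {brand!r} but the address is at {domain}"
    return None

def check_link(url, threshold=0.8):
    """Return a warning if the link's domain imitates a trusted one without being it."""
    host = (urlsplit(url).hostname or "").lower()
    domain = base_domain(host)
    if any(domain in domains for domains in TRUSTED.values()):
        return None  # exact match on a trusted domain
    for brand, domains in TRUSTED.items():
        for good in domains:
            similar = SequenceMatcher(None, domain, good).ratio() >= threshold
            if similar or brand in host:
                return f"{domain} is not {good} but resembles it"
    return None

if __name__ == "__main__":
    # Constructed samples modelled on the scenarios in the post.
    print(check_sender("Apple Customer Support <applecustservice12345@gmail.com>"))
    print(check_link("https://examp1epower.example/pay-your-bill"))
    print(check_link("https://www.apple.com/"))
```

A warning from either function is a reason to slow down and verify through the official site, not proof of fraud; a clean result does not prove the message is legitimate.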
Notice Any Spelling or Grammar Mistakes
Often, you’ll see grammar mistakes in scam emails. While non-native English speakers typically compose the emails, that’s not always the cause. The misspellings can be included intentionally to “pre-qualify” a lead for the email scams. After all, if a potential fraud victim doesn’t pay attention to the grammar mistakes, they are more likely to fall for the other parts of the scam. Most scammers don’t want to waste their resources on someone who will immediately recognize the fraud attempt. Cyber criminals want someone that will fully commit to their “process”.
If You Have Doubt, Call Directly
If you have an “urgent message” from the CEO of your business to buy Best Buy gift cards for a “secret” giveaway and send him the numbers, slow down and think. Always make the 1-minute phone call instead of buying $1000 of gift cards because you got duped by a scammer. No one is going to get angry with you for confirming a request with them.
How can we prepare for email scams?
SandStorm IT already has a Cybersecurity Awareness Training built into our Managed IT Services package. It includes valuable information and quizzes to increase your team’s knowledge of cybersecurity. We can even do simulated phishing attacks to gather results to see who’s paying attention and who may need additional training to avoid these types of email scams.
We have some of the best tools and knowledge available on the market today. Our solutions cater directly to you and your business. We love partnering with businesses in the Greater Memphis area on their IT. Schedule a call to discuss how we can help you with all of your IT needs. We offer a free email scan to see if your information is already out there and available to attackers.