Phishing – Don’t Take the Bait!
Another day at the office means more emails to read and respond to. Except, one of them feels off. The sender appears to be your bank notifying you about an expired password and provides a link for verification purposes. But upon further inspection, you notice a handful of typos and grammatical errors, the email address doesn’t match up with the bank’s name, and there is no additional form of contact. You conclude that this email is a scam.
Phishing is just that: a lucrative scam that uses electronic communication to obtain sensitive information and/or data such as usernames, passwords, credit card details, etc. Essentially, it’s a digital charlatan.
So why did you receive that email in the first place? Most likely, the hacker behind it thought you were an easy target. Don’t take it personally! For them, an easy target is simply someone from whom they can get what they want without a lot of effort. This means phishing is not just a workplace phenomenon.
Hackers don’t work 9-5 and are always scoping out potential targets. The ability to identify email scams outside the office, in your personal life, is just as crucial. Be on the lookout for both your company and yourself, especially since not all phishing attacks look the same. Aside from emails, phishing attacks also include phone calls and text messages.
The bank scenario mentioned in the first paragraph is just one example of a common phishing email, but you might not immediately notice it’s a fake. Phishing emails that pretend to be from another company such as Amazon, PayPal, your bank, etc. try to look legitimate by using those companies’ graphics. However, the best thing to do, instead of clicking the link as the email suggests, is to simply call the company about the contents of the email.
Other common phishing examples include emails claiming:
· You are a contest winner
· To be a Nigerian Prince in need of help
· To be a “friend” asking for financial assistance
· To be an angry “customer” accusing you of stealing, or to be a notice to vacate
· To be a government agency demanding your information
· Your computer has been infected or an account of yours has been breached
· You are eligible for a tax refund or have been selected to be audited
· CEO Fraud (This is called whaling!)
Recently, in light of COVID-19, phishing emails in which hackers impersonate government organizations, such as the World Health Organization, or claim to have info regarding government stimulus payments have been on the rise. Employees who are working remotely have been prime targets for these recent phishing attacks.
Despite all these varied examples, there is one thing common throughout: phishing attacks almost always carry a sense of urgency so that victims will comply with them.
As scary as all of this is, the best practices are to NOT click links in emails or text messages you weren’t expecting, double check the legitimacy of the URL/sender before providing any information, and of course, report phishing attacks. For good measure, you can also block them using email filtering. The most important thing you can do is to NOT play games with these hackers. Doing so can still cause harm to you and your company, since they are after whatever information they can get their hands on.
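To show what “double check the URL/sender” and email filtering can look like in practice, here is an added example (not part of the original article) that flags the warning signs from the bank scenario: a sender domain that doesn’t match the claimed company, a link pointing somewhere else, and urgent wording. The brand-to-domain map, the keyword list, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for illustration: the brands you expect mail from and their real domains.
BRAND_DOMAINS = {"example bank": "examplebank.example"}
URGENCY = re.compile(r"\b(urgent|immediately|expired|suspended|verify now)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def same_or_subdomain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return a list of warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # the message does not claim to be from this brand
        if not same_or_subdomain(sender_host, domain):
            findings.append("sender_domain_mismatch")
        # A brand name at the START of a hostname proves nothing; the end is what counts.
        if any(not same_or_subdomain(urlparse(u).hostname, domain) for u in URL.findall(body)):
            findings.append("link_domain_mismatch")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        findings.append("urgency_language")
    return findings

# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """From: "Example Bank Security" <alerts@examp1e-bank.example.net>
Subject: Your password has expired

Verify now at http://examplebank.example.login-check.example.org/reset
"""
SAMPLE_LEGIT = """From: "Example Bank" <notices@mail.examplebank.example>
Subject: Your monthly statement

Your statement is ready at https://www.examplebank.example/statements
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))
    print(phishing_indicators(SAMPLE_LEGIT))
```

A hit from a check like this is a reason to report the message and contact the company through a channel you already trust, not proof on its own.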