Email is an integral form of communication for any business. Whether you are a CEO or an assistant, you will most likely have to use email on a daily basis, and you might occasionally receive emails from someone you are not familiar with. This is why malicious cyber activity targeted at employees and CEOs is being executing through this channel more frequently. Phishing emails are fraudulent emails that impersonate a person or a company that you would have an association with, in order to trick you into providing information or clicking a link containing malware. As part of an employee’s daily email rounds, they should perform these practices to ensure the “sender” is in fact who they say they are, before performing any action.
Learn to detect a fraudulent email
Bad layout and grammar:
If you notice some errors in grammar or spelling, especially if the email was meant to come from a reputable company, like banks, tech companies, universities, then that’s a sign that something isn’t right. Also look for signs of inconsistency in the formatting, like use of different fonts and sizes, emails that would really come from an official company would have a specific overall style, it would be neat and clean of any errors.
Sometimes errors in spelling or grammar can be too minuscule to notice, so a good giveaway to a fraudulent email would be to look at the URLs, whether in the sender email itself or in the link provided, if any. Check for any weird numbers or symbol that wouldn’t belong. “.co” or “.bz” instead of “.com” or “.ca” are usually a sign that it’s not the real company. “email@example.com” would be a fake email address, as a tech giant like Microsoft would have the capability to create a cleaner looking handle.
Request for personal information, or a wire transfer:
What these scammers are essentially after: money. They will either attempt to ask for it directly by pretending they are someone in an organization who needs a specific amount wired to a certain account, or they will go the less direct way, and just phish for your personal and banking information, which they can use to access your bank account and withdraw from there.
Whatever the phishers want you do to, they will emphasize it with a sense of urgency, often providing a deadline with consequences, like a reward or a prize if their request is met in time, or a threat of a criminal charge, if you don’t meet the deadline. Examples: YOU MUST TAKE ACTION IMMEDIATELY OR YOU WILL BE LOCKED OUT OF YOUR ACCOUNT.
Doesn’t specify you by name:
Greeting with “Dear Customer” or something similar, although some of the more sophisticated forms like spear phishing would be able to obtain your basic information to customize it and make it seem like they are personally contacting you.
Learn the appropriate protocol once encountered
- If the proposed sender is someone you know, get in touch with them in person, and verify that they indeed had sent you the request.
- Don’t click on links, don’t reply, don’t download attachments, don’t provide personal information.
- Mistakes happen! And someone could have done any of the above actions and before realizing the sender was fake. If so, immediately run any anti-malware software, or report it to an IT person, who would quickly try to find and eliminate viruses that could have penetrated the system.
- REPORT IT. You will definitely be able to learn from your own mistakes, but others who might not be aware of this occurrence could be vulnerable to make the same mistake! Make sure to develop a system or an outlet where employees can report incidents or fraud or phishing so that their colleagues can know what to watch out for.
To avoid such instances at work, management should implement a cyber security training program as part of any new employee orientation, and make sure they are aware of the proper email standards and protocol.