1 in 323 emails sent to businesses are malicious. And that’s a conservative estimate.
Why? Because it works.
Email is the most effective way for cybercriminals to gain access to your computer systems. Texts, social media posts and messages, and online advertisers are also a rising threat.
These email and other text-based threats aim to get you to click a link that downloads malware or otherwise provide sensitive information, such as passwords and bank information. Cybercriminals want to infect your system with the aim of destroying computer system/data, disrupting usage, gaining access to private information, or holding your system/data ransom.
4 Tips to avoid falling for a “phishy” email –
- Check who sent the email. Many phishing emails come from email addresses you aren’t familiar with. While the display name might be familiar as someone you know, the actual email address isn’t correct. Always check for errors in the sender’s email address such as o versus 0, or a misspelled name, or unfamiliar domain name.
Example: firstname.lastname@example.org (correct) versus email@example.com or firstname.lastname@example.org (Incorrect!)
Pro Tip: You can configure most email accounts to display the sender’s email address and not just their display name
- Links are always a bit of a hot spot in emails, text messages, and advertisements as they can be shortened or imbedded in text, making it difficult to see the final URL destination. You should only follow links sent to you from trusted sources to avoid downloading anything suspicious onto your system. This goes for text messages and other text-based media as well. Always verify the end URL. If you are unsure about a link, don’t click it. You should be able to navigate to any promotions or deals via a company’s main site. This can include the “Unsubscribe” link at the bottom of an otherwise seemingly innocent marketing email!
Pro Tip: There are free online tools you can copy and paste a link into that will verify it’s end URL has not been compromised. Just be careful not to accidently click the link while copying.
- Read the email carefully. Does it sound like the sender? Are there odd word choices, sentence structures, or other elements that just feel off? If it doesn’t feel right, do not take any actions as requested in the email. Instead contact the organization or sender (not using information gleaned from the suspicious email!) and verify its authenticity.
- Analyze the email critically. Is the email making you feel stressed out? Asking you to take an unusual action, or bypass company policy? Are they asking you for money? Is it creating a sense of urgency – act now, click immediately!
These can all be signs of a malicious email using social engineering to get you to do something you normally wouldn’t do by activating your emotional response.
They aim to attack your decision-making abilities by:
- Exploiting your trust in authority
- Intimidation or threat of negative consequence
- Providing social proof – everyone else is doing it!
- Introducing scarcity or limited time offers
- Creating urgency in combination with scarcity, intimidation, or authority
For more information on how to protect your business from cyber threats contact your Concklin Insurance advisor today!