Spear phishing scams have been a problem since the early 2000s. In these emails, someone attempts to lure sensitive information out of an unsuspecting recipient by posing as a legitimate company or entity (e.g. 'please provide your credit card info for a free trial,' or, 'your account has been hacked, please reply with your password and username to reclaim control').
Falling victim to a phishing scam can be detrimental to the individual or company that is preyed upon. Unfortunately, phishing scammers keep getting better, making it more difficult to tell a legitimate email from a fake.
To help you distinguish what's real from what's not, look for these 5 signs that you're reading a spear phishing email.
Nosy and Suspicious Requests
Your bank, or any other company, will not ask you for your social security number, bank account information, PIN numbers, or any other highly sensitive information over email. Whenever you receive an email that requests any type of info from you, always remain suspicious. When in doubt, call the bank or company directly to ensure that the email is in fact legitimate.
While we can all be guilty of a typo here or there, phishing emails are often plagued by spelling, grammatical, and format errors. In some instances, the grammatical errors are caused by the sender not being a strong English speaker, but many theorize that these errors are prevalent in scam emails because they save the scammers time.
Because it usually takes multiple emails back and forth between the phisher and the victim to successfully extract the information, the scammers need to separate those who will fall for it from those who won't. In other words, people who look past grammatical errors and ignore spelling mistakes are more likely to actually provide the information than those who don't. Therefore, scammers can save time by sending low-quality emails to more people, faster, and cast a wider net around potential victims.
Pretty evil, we know. So always be mindful of too many grammatical errors!
Missing a Name for Who it is Addressed to
An email that begins with 'Dear customer' or a similarly generic introduction is more likely to be a spear phishing email than those that actually include your own name. For reasons described in the previous tip, it is more advantageous for these criminals to not take the time to figure out the names of the recipients, but to rather just send out as many as they can.
Email From a Public Internet Account
If you believe you're receiving an email from a bank or business, the sender's email should not have a public internet account attached to it. An address @ Gmail, Yahoo!, Hotmail, or Outlook should be a red flag that the sender is not who they say they are. Many phishing emails will use the name of the bank or entity in the email to try and trick you.
Phishing scammers will often use fraudulent websites to try and steal your information. If you are provided a link, check carefully to make sure that the URL is correct. You can easily do this by opening up a new tab and googling the website yourself and checking to make sure that it is the same as the one provided in the email. Scammers will try and make the website look as close to the original as possible, but you can spot slight differences, such as alternative spelling or added punctuation.
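The generic greeting, public account, and link checks described above can also be automated. The following is an added example, not code from Medicus IT; the webmail list, the brand-to-domain map, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed inputs: public webmail domains and a brand -> legitimate domain map.
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
KNOWN_SENDERS = {"example bank": "examplebank.example"}  # constructed
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def host_matches(host, domain):
    """True only for the legitimate domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_email):
    """Return the list of warning signs found in one plain-text email."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    # Which known brand, if any, does the display name claim to be?
    brand = next((b for b in KNOWN_SENDERS if b in display.lower()), None)
    if brand and sender_domain in PUBLIC_WEBMAIL:
        signs.append("brand name on public webmail account")
    for url in URL.findall(body):
        host = urlsplit(url).hostname or ""
        if brand and not host_matches(host, KNOWN_SENDERS[brand]):
            signs.append(f"link host {host} is not {KNOWN_SENDERS[brand]}")
    return signs

# Constructed sample: webmail sender, generic greeting, look-alike link (digit 1 for letter l).
SAMPLE_PHISH = """From: Example Bank Support <examplebank.alerts@gmail.com>
Subject: Account notice

Dear customer,
Your account has been locked. Confirm your details at
http://examp1ebank.example/login
"""
# Constructed sample: sender and link both on the legitimate domain, named greeting.
SAMPLE_LEGIT = """From: Example Bank <notices@examplebank.example>
Subject: Statement ready

Dear Alice Smith,
Your statement is at https://www.examplebank.example/statements
"""
```

A message that raises none of these signs is not proven safe; the checks only surface the indicators listed in this post.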
Use Medicus IT For Your Cybersecurity Needs
At Medicus IT, we offer phishing and security awareness solutions for our clients to help you prepare for a phishing email attack on your business. We'll work with you to implement a phishing scam simulation, which will allow us to identify which employees fell for the scam. Therefore, we can pinpoint which employees need to be trained in how to spot these scams. It's also a great reality check, as it shows just how easy it is for businesses and their employees to be tricked into giving up personal information.
These simulations are extremely important for healthcare providers, whose patients' information and records should be confidential at all times.
For more information on types of phishing, check out our previous blog post.
If you need assistance with your cybersecurity or information technology, call or send us a message today and tell us how we can help with keeping your business or organization safe, secure, and protected.