Cyber criminals love a crisis. When panic begins, they see an opportunity to feed on your fear. With more people working remotely than ever before, the attacks are definitely on the increase. Some simple tips can help you spot fake emails from a seemingly trusted company.
Brand impersonation has become so popular that 83% of all spear phishing attacks use this tactic. A scammer mimics a well-known company, telling you there is something wrong with your account. The email says that if you just click the link and log in, you can verify the suspicious activity. Everything looks legitimate, so you click the link, go to what you think is the company’s website and sign in. Whoever really sent the email now knows your username and password, giving them the ability to gain access to your real account. Do you use the same password for multiple accounts? They have access to those as well.
Know your enemy
Many cyber criminals are foreign, college-educated people working for large foreign companies whose sole purpose is stealing your money and your information. They spend their time studying trends, studying you and then sending what will scare you the most. This image shows the same email on a computer screen versus a phone. On the computer, it is pretty obvious that it’s a scam. However, they know many people check email on their phone, so the email was optimized to look correct on a phone screen.
What to look for in fake emails
There are simple things to check for in order to spot the spoof.
- Misspellings or a questionable domain name in the sender’s email address and in hyperlinks
- Poor grammar. English is a second language for many cyber criminals.
- Vague description of the “issue” with your account
- Ask “Is this normal practice for the company to communicate with me?”
Best practices to protect yourself
Don’t panic! Take a moment to closely look at the email.
- Match their claim to your use of the product (e.g., you receive an email about an iTunes purchase but haven’t made any purchases).
- If you want to check your account, do not follow links in the email. Go to the company’s website directly to log in.
- When in doubt, call the company to ask about your account
- If you do make a mistake and type in your user id and password to an impersonating website, immediately go to your real account and change your password.