E-commerce sales are an opportunity for organizations to thrive in business online – cyber criminals thrive in this environment too.
Frantic conditions during the sales or over seasonal holidays are perfect for cyber criminals to exploit the unwary, there’s typically a lot of revenue streaming in and employees being distracted by unforgivingly fast-paced work.
Cyber criminals enjoy employing a technique known as ‘phishing’; viruses camouflaged as seemingly harmless e-mails. Employees who click on these phishing e-mails could unwittingly unleash viruses into the organization’s IT network with potentially disastrous consequences.
We’ve compiled a list of five top tips on spotting such phishing attempts. Hopefully you’ll be able to spot them before you’ve even opened the e-mail.
- Notice incorrect spelling and/or grammar:
Phishing e-mails often have suspiciously vague, miss-spelled subject lines which are particularly easy to spot when sent from a (hacked) employee who typically doesn’t misspell the contents of their e-mails.Surprisingly this is often a deliberate tactic employed by hackers to identify easier targets. When an employee opens a deliberately miss-spelled e-mail it suggests to the hacker that they’re particularly susceptible to scams. Hackers will consequently focus their efforts on these individuals, viewing them as easy prey.
- Check the sender’s e-mail address:
An easy way to identify a dodgy e-mail is to check if the sender’s domain is legitimate and aligns with the sender’s name. Depending on which e-mail client you use, the domain is usually displayed beside the sender’s name. For example, an alleged e-mail from Skynet should have a domain name such as ‘firstname.lastname@example.org’ as opposed to ‘email@example.com’.
- The e-mail is requesting personal information:
One of the most glaringly obvious indicators of a phishing attempt is that e-mail’s requesting you to provide personal details, i.e. passwords, social security number, particularly in instances where it’s against company policy to request such information. Even if the e-mail’s from a recognizable source, never provide this sort of information without identifying if the e-mail’s legitimate.
- Is the e-mail trying to create a sense of urgency?
While I’m not suggesting that you help bring your company to ruins by ignoring high-priority messages from your colleagues – be wary of e-mails that request you respond or provide important information with haste. Commonly phishers attempt to bait their targets by suggesting the recipient’s received a large sum of money, which can only be obtained by providing sensitive bank details.
- The e-mail contains suspicious attachments:
Depending on how sly the phisher is – their e-mails may include an attachment with an obscure file name. Risky file formats include exe, Scr, .zip, .com. and .bat. These e-mails often claim that the attachment contains important details; others may be more blasé and simply ask you to open the attachment. Bear in mind that retailers and banks etc. will typically never send attachments via e-mail.
According to an article from IT Governance, 156 million phishing e-mails are sent daily – of which 15.6 million manage to sneak through spam filters. While we encourage organizations to train their staff through a cyber-security certification – simply spreading awareness of existing threats is a great preventative measure.
Author: Matt Brewitt - originally published 22 December 2014