It's 2020, and one would think technology could prevent phishing scams and cyber-attacks entirely. The answer is no. On the contrary, phishing scams have become more sophisticated and continue to be a major threat to individuals and to businesses of all sizes. A small manufacturing firm in West Michigan reached out to us because they lost $100,000 due to a phishing scam.
Springthrough has received at least 3 different types of phishing emails: the phony Microsoft password change, the "Do me a favor" gift card scam, and a website design scam that came through our contact form. However these phishing emails are presented and whatever their call to action, there are always some universal telltale signs that help you spot them and prevent a potential data breach or financial loss. The signs to watch out for are listed below.
Watch Out- You did not perform a prerequisite action to get the email notification
In the case of the Microsoft changed-password scam, you should already be suspicious if you did not request or change your password. If you did not perform an action that would lead to the email notification, you should disregard the email immediately no matter what. In some instances, the email does not fit the context or your relationship with the sender. You can also contact your IT department as an extra step of verification.
Watch Out- The sender's email address
There are a couple of things that you can check in the sender's email address: the domain and the user name. You've probably received a gift card phishing scam that came from a friend's compromised email account. To verify your friend's email, you can start a new message and enter your friend's name in the recipient field, which will show you the full email address. As shown in the example of the Microsoft email that we received, the email did not come from a Microsoft domain, which was a major sign of a scam.
Watch Out- Lack of personalization
Most companies you engage with digitally will have your customer data, which lets them personalize their emails to some degree. In both cases that we discuss in this blog, lack of personalization is a common sign. Be very careful when you receive emails that address the recipient as "Dear Customer" or a generalized "Hello."
Watch Out- Grammatical errors
There are many spelling errors in the Microsoft phishing email. These minor spelling errors can easily be overlooked, as most people only glance at their emails. In the website designer scam that we got through our website contact form, there were also some basic spelling and grammatical errors that caught our eye.
Watch Out- Embedded links
You can check embedded links and URLs by hovering over the highlighted link. As shown in the picture below, the link is not hosted on a Microsoft domain, nor does it say anything about Microsoft. This is a great way to determine whether the link is trustworthy before you click it.
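The sender-domain check and the embedded-link check described above can be automated. The following Python is an added example, not part of the original post; the sample message, its `.example` hosts, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collects the href target of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def under_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_message(raw, claimed_domain):
    """Return (kind, host) findings for a message claiming to be from claimed_domain."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    if not under_domain(sender_host, claimed_domain):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # what "hovering over the link" reveals
        if not under_domain(host, claimed_domain):
            findings.append(("link", host))
    return findings


# Constructed sample message; the .example hosts are placeholders, not real indicators.
SAMPLE = """\
From: Microsoft Support <no-reply@account-alerts.example>
Subject: Your password was changed
Content-Type: text/html

<p>Dear Customer, <a href="https://microsoft.com.login-check.example/reset">verify</a> or <a href="https://account.microsoft.com/security">your account</a></p>
"""

if __name__ == "__main__":
    for kind, host in check_message(SAMPLE, "microsoft.com"):
        print(f"{kind} is not under microsoft.com: {host}")
```

The suffix comparison in `under_domain` is what catches a host that merely begins with the brand name, which a quick glance at the link text would miss.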
Watch Out- Call to action
If a random person came up to you on the street asking for money, you would not simply take out your wallet and give the money away. The same logic should apply in the digital space. Always think twice when you are prompted to click on a link or enter your account credentials on a website.
Due diligence is never enough when it comes to protecting your identity and personal information in the digital world. On a personal level, exercise caution and verify the sender via text to confirm whether they really reached out to you for a favor or for financial help. For businesses, leveraging third-party spam protection and implementing company-wide user awareness training will allow users to identify potential cyber threats more effectively.