As an IT support company, we are always telling our friends and clients to be cautious with what they click on or whom they give personal information to. Most people know to avoid giving money to a Nigerian price, but scams and phishing attempts are becoming more advanced every day. Many scam emails disguise themselves as people or companies we already know and trust. You must always be diligent to avoid falling for the latest tricks. Today, we came across a good example within our own company that illustrates why being cautious is so important.
Even IT Companies Get “Phishy” Emails!
What is wrong with this picture? First of all, Sara was not expecting to make any immediate transfers. Secondly, there is no reference to what is being purchased or the reason for a transfer of funds.
Once your alarm bells begin to go off, you will start to notice additional red flags. For example, what is wrong with email@example.com? Notice that the domain etoptechnology.com only has one “L”, as seen in Sara’s email address. However, if you examine at William’s email address, you can see that it contains the wrong domain. If you did not closely examine the sender’s email address, this detail could easily be missed.
In addition to the wrong domain name, there is another tip-off that this email is a scam. The sender signed the email with the nickname “Bill,” but William does not go by Bill.
Had Sara missed these red flags and fallen for the phishing email, she may have replied to confirm that she is ready to make a transfer. She would likely have received a reply email with a link to a wire transfer site that would take her money, never to be seen again. Although this seems like a crude method to steal money, it has led to businesses losing millions in a single transaction.
What Can I Do?
No matter how good your firewalls, antivirus, and other security measures are, there will always be threats like these that slip through. Though the potential for phishing may be intimidating, you can generally protect yourself by following these tips:
1. Keep your guard up and be cautious
2. If you receive an email or any correspondence that you were not expecting, especially relating to requests for money or personal information, verify with the sender through an alternate source like a phone call. Wherever possible, attempt to find the sender’s contact information through Google or some other means, rather than contacting them through the information they supplied.
3. Always closely examine the domain in your senders’ emails and any subsequent websites you get directed to.
4. If you think you have received a phishing attempt, or you already fell for one and think your email or network has been breached, contact your IT provider immediately. Better to be safe than sorry!