Now that the Holidays are upon us, I thought it befitting to write an article regarding phishing emails, and what you can do to recognize them.
A “phishing” email, in case you don’t know, is a type of scam email that hackers send out en masse hoping for anyone to click on it. You can compare it to actual fishing. The fisherman will sit in his boat and cast his line out for all the fish in the lake to see, hoping that one unlucky fish will bite. Hackers are just like fisherman, except instead of a boat and a fishing line, they sit behind a computer and “cast” out emails.
This is especially troubling during the Holiday season. Who among us isn’t expecting a package from Amazon or similar online store these days? Personally, I can say that I am expecting many packages — gifts for others, gifts from others sent directly to my house, etc. With the busy lives we all live, it is easier than ever to miss a delivery. How many times have you come home to the note stuck to your door letting you know that you missed your delivery? How many of you track your package online from the moment you order it to the moment it arrives? Have you ever checked your email only to see that UPS tried to deliver a special package to you, but you weren’t home to receive it? This has all happened to me, and I know it can happen to you.
Hackers know this too, and that is what they take advantage of. In as little as 2 seconds a hacker can spoof an email address (create a fake one that looks identical to the real deal), and send out a fake email to millions of people — some of whom are expecting a package to be delivered — and hope that one of them clicks on the link to track their missed package. Just look at this email someone submitted to the fraud department at UPS:
This seems like a pretty darn convincing email, especially if you are expecting a package. What is to stop you from clicking the link to get your delivery reference? And for those of us who are guilty of checking personal emails at work, what would stop us from doing so on a company computer? If you’re not careful this can happen to you. I’ve seen similar situations before where someone clicked a link on their work computer, and the entire business went down. This isn’t a joke.
To help keep you and your business safe during the Holidays, here is a list of 8 things to look for in a scam email, courtesy of the UPS website:
- Design Flaws: An e-mail containing distorted or irregularly sized logos
- Poor Grammar: Grammatical errors and excessive use of exclamation points
- Misspellings: Incorrectly spelled words or links to altered websites (For example, modifications or variations of the legitimate www.ups.com website address, such as www.unitedparcelservices.com.)
- Note: UPS sends legitimate e-mail from several URLs, including ups.com and upsemail.com.
- Sense of Urgency: Alarming messages requesting immediate action, such as “Your account will be suspended within 24 hours.” or “Contact us immediately to claim your parcel or prize.”
- Unexpected Requests: A request attempting to obtain money, financial information (e.g. bank account or payment card numbers), or personal information in exchange for the delivery of a package or other article
- Communication Gaps: An e-mail that does not provide an alternative method for communicating the requested information (i.e. telephone, mail, or physical locations)
- Deceptive Link: A link contained within an e-mail that appears to direct your browser to a known, safe site but actually directs your browser to another location, potentially to an unsafe or fraudulent site. You can detect this by hovering over the link with your cursor. This causes the actual destination of the link to display in a pop-up, the lower left of your status bar, or other location depending on your e-mail client. It is suspicious if the actual destination does not match the address in the link. Also be suspicious of links containing numbers in place of letters, abbreviations, and slight misspellings in the link.
If you’d like to learn more about phishing emails: how to recognize them, and what to do when you get one; or, if you’re curious about what you can do to help reduce your risk to cybercrime and keep your business up to date, feel free to reach out with any questions you may have. You can learn more from our website, here.
And most importantly, have a safe and happy Holiday season!