Have you ever gotten an email from your bank telling you to change your password? Or an email telling you an order you never made got cancelled?
You’re not alone. Approximately 6.4 billion fake emails are sent every day, which means it’s likely one will end up in your mailbox.
While some emails immediately raise red flags upon first look, others can fly under the radar. Hackers are sending sophisticated emails that look legitimate, making any one susceptible to becoming a victim.
Types of Emails Attacks
Approximately 80% of organizations say they’ve faced an email attack in the past year. These attacks can cause a lot of problems to your organization including: data loss, disrupting business productivity, financial liabilities and putting customer data at risk.
There are two main types of email attacks:
Malicious links/attachments: These attacks are used to spread malware, like ransomware, by having potential victims click on malicious links or download attachments. Fake websites are also spread via email as a way to steal credentials. Potential victims would click on these links to change their passwords but unknowingly give their information to hackers instead.
Malware-less: This type of threat is known as business email compromise (BEC). BEC uses impersonation, rather than malware, to target organizations. Hackers try to trick organizations into transferring large amounts of money by posing as an authoritative figure. This type of attack features more interaction than sending malicious links/attachments because it requires a back and forth response from the victim and hacker.
What to Look for in a Fake Email
Poor Images and Wording: Examine the sender and the body of the email. Do you know the email address? Is there an extra letter that you can’t see immediately? Look for poorly spelled words or grammatically incorrect language. In addition, images might not be of high quality.
Urgent tone with vague greeting: Hackers tend to use generic terms in their greetings. They will most likely address your email as ‘Dear Client’ or ‘Dear customer’. To get you to overlook the vague wording, they’ll make the email sound urgent. Be wary of an email telling you to update your password immediately or that you need to renew your subscription because it has been terminated.
Information Requests: Companies, such as banks or social media accounts, will not ask for your personal information via email. When receiving requests for personal information or to change your password, treat it with caution. Double check who the sender is; don’t be afraid to contact companies directly asking them if they requested this information.
How do I Protect my Business Against Suspicious Emails?
Don’t engage: A recent report found that 55% of employees admitted to clicking on links they did not recognize. If you are unsure of the sender, do not click on any external links/attachments within the email. If a suspicious looking email appears to be from someone you know, double check with them to make sure they actually sent the email.
Review your spam filters: Depending on your email tenant, you should be able to customize your spam settings. These setting usually allow you to create lists of safe safe senders and block certain email addresses.
Antivirus: If you think you might have accidentally clicked on a malicious email, run an antivirus scan across your computer(s) to check for threats.
Review links: Since emails can link to websites that very convincing and almost identical to real ones, it’s hard to tell if you received a fake email. This is why the URL an email links is a very important identifier on whether or not it’s fake.
Add a security layer: Organizations should consider using a secure email solution in addition to having cyber aware staff. Our Secure IT – Mail service will help protect your organization against phishing, spam, viruses etc. with a support team available 24/7/365. Visit our product page for more information.