It’s 2 AM, and you’re sound asleep. A sudden DING slaps you awake. In a sleepy haze, like a moth to a flame, you fumble for the glowing screen. A new notification floods your bedroom with light: an email from your boss. That’s odd, she’s never awake at this hour. Your finger hovers over the subject line. This could be an emergency.
What do you do?
If you’re like the millions of employees every year, you click only to to discover (by the time it’s too late) that what you received was a spoofed email sent in a criminal act known as Phishing: a fraudulent scheme that you just fell for hook, line, and sinker.
Phishing is the practice of serving up a fake email, frequently referred to as “spam,” in an attempt to harvest or access sensitive information. It’s one of the most common online tricks malicious actors use to try to steal your personal and company data.
At JNT TEK, we know the danger phishing poses to your company’s secure systems, so here are a few key ways you can distinguish a legitimate email from a fake.
The SPAM Folder
One place that you can be sure to encounter spoofed emails is in your spam or junk folders. Most modern email services employ a variety of high-tech screening tools that identify and filter out spam messages, which are then sequestered in their own special folder.
As a general rule, don’t go digging through the spam folder unless you know you’re missing an email from someone. When you do search there, know what it is you’re looking for, and avoid the temptation to scan enticing advertisements. Remember: nearly every message you’ll ever find in this folder will have been designed to try to fool you into thinking they are legitimate!
Legitimate Senders Follow the Rules
Sometimes spammers will be very aggressive in an attempt to circumvent your spam filters. Often they do this by using numbers and special characters in the subject line and body of their emails. That email telling you to “Buy V1@gr@ Here!!!” isn’t trying to sell you Viagra, it’s trying to steal your personal information. Pay
Check the Sender
All emails originate from a sender. Every email contains information about its sender in the message header. This information will be displayed differently, depending on which software you’re using.
Sometimes, malicious actors will set up their emails to appear as though they are coming from someone you trust, an act known as spoofing—yes, including your boss. But, if you look more closely at the actual address, which is usually displayed between two triangle brackets (e.g. <firstname.lastname@example.org>), you should see who an email’s actual sender is.
Legitimate emails will (nearly) always be sent directly from a company’s own domain. An email phishing attempt, however, will usually look, well… fishy. Free email providers, foreign domain extensions (for example, .ru, .cz, etc.), or domains you’ve not familiar with, are all examples you should be wary of.
Spelling & Grammar
It’s not uncommon to find simple spelling and grammatical errors in the message body of a fake email. Does the email read like a bad lip-reading of a foreign language? Legitimate senders generally put a lot of time and attention into making sure their communications read well. Scammers, not so much.
These Aren’t The Links You’re Looking For
Spam emails will attempt to divert you to a website to harvest information from you. Often, the website they link you to will be made to look very, very convincing. So don’t click! Instead, hover over links with your cursor to see where that link is trying to send you… before you find yourself going somewhere you regret.
Final Note: Review Legitimate Communications
The more familiar you are with various ways legitimate senders communicate, the less likely you are to be fooled by malicious actors attempting to impersonate them. In addition to marketing materials, banks and other institutions often send out security bulletins in an effort to alert their clients and customers to the latest scams. They don’t want you to fall victim to phishing attempts any more than you do! So keep what you’ve learned here in mind, and remember: some scammers will even use an institution’s own materials as part of the ruse.
Don’t let yourself become a victim. And don’t click on emails at 2 AM.
That can wait until morning.
JNT TEK is a full service IT solutions provider that can take care of all your technology needs. With over 40 years experience developing and supporting IT systems big and small, our team of certified engineers and developers are ready to serve as your go-to IT department. No matter your size, no matter your industry, we can provide you with expert service and care.
Contact us today to schedule a FREE consultation, and see what we can do to optimize your business.