Small business owners and employees alike are targets for phishing scams that try to extract money or valuable information. We’re going to discuss methods of defense against phishing scams so that you and your team can operate more confidently on the web.
Phishing scams are almost always emails disguised to look friendly, imploring the recipient to enter login credentials, click a link provided in the email, or even wire money to an account. Some phishers are detailed enough to create an email with official company letterhead, so we must train ourselves to be wary of the following requests for information over email:
- Username/password verification
  - A professional service will never ask you to type in your username or password into an email to “verify you”. This is almost always an attempt to steal this information and potentially use it against you.
- “Click the link below to…”
  - Any brief email with a web link included is suspicious, especially if it’s from an unknown source. Even clicking on a link could give the scammers what they’re looking for.
- “Call this number to verify…”
  - Scammers will act as if they are a particular company needing information from you. I personally get these all the time with phishers acting like Spectrum.
- “Please wire the money to the following account.” OR “Please provide account number and routing number.”
  - Scammers will be brazen enough to ask for banking credentials. Don’t ever give out banking info via email.
If something ever feels remotely suspicious, the best course of action is to reach back out to the company or colleague in question through known communication channels to verify whether or not the email is legitimate. If you receive a suspicious email claiming to be from your bank, internet service provider or another colleague, call them on their trusted number to verify the communication. I know I already said it, but it bears repeating: do not ever give out banking information via email.
Phishers are also able to mimic the auto-filled contact info in the headers of Outlook and Gmail emails. So while you might expect that an email with “Jeffrey Edwards” in the header is from email@example.com, it could potentially be from a scammer using my name with a different email address. Always expand the “details” and “recipients” portions of your emails to ensure that the communications are actually from the expected email address.
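For teams that want to automate the sender check described above, here is an added Python example (not part of the original post) that compares the display name in a From header against the address actually behind it. The contact directory, the bank entry and the helper name `check_sender` are constructed for illustration; only the “Jeffrey Edwards” / email@example.com pairing comes from the text above.

```python
import re
import unicodedata
from email.utils import parseaddr

# Constructed directory: display name -> addresses that contact really uses.
KNOWN_CONTACTS = {
    "Jeffrey Edwards": {"email@example.com"},
    "First Regional Bank": {"alerts@bank.example"},  # hypothetical entry
}

def _norm(text):
    """Fold case, Unicode compatibility forms and repeated whitespace."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def check_sender(from_header, contacts=KNOWN_CONTACTS):
    """Classify a From header as 'trusted', 'mismatch' or 'unknown'."""
    display, address = parseaddr(from_header)
    address = address.lower()
    trusted = {a.lower() for addrs in contacts.values() for a in addrs}
    by_name = {_norm(n): {a.lower() for a in addrs}
               for n, addrs in contacts.items()}

    # Case 1: a trusted address is typed into the display-name field,
    # while the message really comes from a different address.
    shown = {m.lower() for m in re.findall(r"[\w.+-]+@[\w.-]+", display)}
    if any(s in trusted and s != address for s in shown):
        return "mismatch"

    # Case 2: a known contact's name sits over an address that is not theirs.
    expected = by_name.get(_norm(display))
    if expected is not None:
        return "trusted" if address in expected else "mismatch"

    # No known name involved: trust only addresses already in the directory.
    return "trusted" if address in trusted else "unknown"

if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Jeffrey Edwards <email@example.com>",
        '"JEFFREY  EDWARDS" <j.edwards@mail-login.example>',
        '"alerts@bank.example" <notice@pay-portal.example>',
        "New Vendor <sales@vendor.example>",
    ):
        print(f"{check_sender(header):9} {header}")
```

A “mismatch” result is the case to verify by phone or another known channel before acting on the message; “unknown” simply means the sender is not in the directory yet.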
Feel free to send me (firstname.lastname@example.org) forwards or screenshots of suspicious emails and I’m happy to double-check and advise the next best course of action. We appreciate working with your team and we want to help keep your business safe and efficient.