Some time ago we spoke about email security and spam. Recently, there’s been a rash of phishing attacks and fake emails that look more and more authentic all of the time. Again, some of it is useless junk, but a great deal of it contains phishing links to lure you into giving a malicious party your addresses and financial info.

So what is a phishing attack?

Phishing is a type of social engineering attack, whereby a malicious party sends an email to a recipient that appears to be from a trusted or known entity, with a convincing or threatening message, in order to convince the recipient to give up their personal information, financial data, credit card details etc.

Here are some of the more frequent phishing attack strategies, and some tell-tale signs to help you spot a fake email.

  • Tax notices: we see these a lot; you receive an email from CRA or the IRS asking you to pay your taxes by clicking a link and entering your credit card details. This can also take the form of an automated phone message. Just delete this email; the CRA or IRS would never request money in this way; they’d contact you by official letter.
  • Billing fraud emails: ‘Your payment has been declined’; ever seen this one? Some payment reminders do take this form, so before acting on this type of email, you need to make sure that the email is from a company that you actually do business with. If you’re unsure, you can always phone the company that the email is from and check.
  • Subscription or account expiration: Again, make sure that the subscription or account is with a company that you really do business with; don’t just click on it blindly.
  • ‘Your account has been compromised’ or ‘You have a virus’: This kind of phishing email kindly informs you that your computer or computer account has either been hacked or has been infected with a virus of some kind, then gives you a link to a source where you can pay for and download software to fix your computer. Delete these messages since your actual anti-virus and security programs would not send you an email as they’d be active on your computer and would alert you from there.
  • Contest winner: You’ve won a million dollars! Click here to receive your prize! Don’t fall for this one; you’d be giving a malicious party all of your information and they’d scam you to pieces.
  • Emails that appear to be from an official body: If you receive an email from the government, your bank, or the police saying that you owe money, that you’re being deported, that your status is revoked, that you need to pay a fine, or something along those lines, just delete it from your system as official bodies of that size would never send email like this – they’d communicate by official letter.
  • Emails that appear to be from friends or colleagues: Someone emails you, saying that they are in trouble, need money, or need to purchase something urgently. If it actually was a friend, why wouldn’t they just phone you?
  • Accusatory emails: You receive an email from someone that accuses you of putting them in a bad position, selling them bad goods, not paying your rent, etc. Again, rarely do companies or individuals act in this way; they’d contact you by phone or letter, so just delete this straight away.
  • Routine security checks: these claim to come from one of your subscription services or accounts. First, make sure it’s from a company that you’re actually using, and check your subscription or account before acting on any notification like this as they could just be after your financial info. If you do legitimate business with a company mentioned in the phishing email, you can call them and ask if they would like you to forward the email to them. This can help the business guard itself against such threats.

These are some of the main types of phishing emails that you may receive. If you have any concerns over phishing emails, spam, or email security, please contact us and we’ll help and advise you on the best ways to plan and defend against these threats.

Remember, if you do receive a phishing email:

  • Don’t click on any links in the email
  • Never open attachments or pictures
  • Don’t try replying to the sender
  • Report the scam if you can
  • Delete the email from your system