Phishing emails are attempts by scammers to trick a person into giving out personal information such as bank account numbers, passwords and credit card numbers. A scammer contacts a person with a fake email pretending to be from a legitimate business. Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately. The scammer asks the recipient to provide personal details. For example, a scammer may say that a bank or specific organization is verifying customer records due to a technical error that wiped out customer data. If details are provided to the scammer online, they will use the information to carry out fraudulent activities, such as using credit cards and stealing money. People should never reply to email scams asking for personal or financial information.
Phishing scams vary widely in terms of their complexity, the quality of the forgery and the scammer’s objective. Phishing attacks directed at specific individuals or organizations are referred to as spear phishing. Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hopes of making the phishing attack more believable and increasing the likelihood of its success. The term whaling is used to describe phishing attacks directed specifically at executive officers or other high-profile targets within a business or organization.
These are common signs of a possible email scam:
• The sender’s email address doesn’t match the name of the company it claims to be from.
• The message was sent to an email address that’s different from the one that a person gave that company.
• A link appears to be legitimate but takes a person to a website whose URL doesn’t match the address of the company’s website.
• The message starts with a generic greeting like “Dear valued customer”. Most legitimate companies will include a proper name in their message.
• The message looks different from other messages that the recipient has received from the company.
• The message requests personal information like a credit card number or account password. Do not email personal or financial information. Email is not a secure method of transmitting personal information.
• The message is unsolicited and contains an attachment.
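Several of the signs listed above can be checked mechanically. The following is an added example, not code from the original page or from PhishingBox: it parses a constructed message and reports a sender domain that does not match the company, a generic greeting, an attachment, and a link whose visible address differs from its real destination. The function names, sign labels and example.com/example.net domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real message; example.com/.net are placeholder domains.
SAMPLE = """From: "Example Bank" <support@example.net>
Content-Type: text/html

<p>Dear valued customer,</p><p>Confirm your records at
<a href="http://login.example.net/verify">https://www.example.com/account</a></p>"""

class LinkCollector(HTMLParser):
    def __init__(self, html):
        super().__init__()
        self.links, self._open = [], False  # links holds [href, visible text]
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(url):  # hostname of a URL, with or without a scheme
    return urlparse(url if "//" in url else "//" + url).hostname or ""

def phishing_signs(raw, company_domain):  # company_domain: the company's real domain
    msg, signs = message_from_string(raw), []
    sender_host = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if sender_host != company_domain and not sender_host.endswith("." + company_domain):
        signs.append("sender-domain-mismatch")
    body = ""
    for part in msg.walk():
        if part.get_filename():
            signs.append("has-attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if re.search(r"\bdear\s+(valued\s+)?(customer|user|member)\b", body, re.I):
        signs.append("generic-greeting")
    for href, text in LinkCollector(body).links:
        # Only compare when the visible text itself looks like a web address.
        shown = host(text.strip()) if re.match(r"\s*(https?://|www\.)", text, re.I) else ""
        if shown and shown != host(href):
            signs.append("link-text-mismatch")
    return signs
```

These are heuristics for triage: a message that raises none of them can still be fraudulent, and a legitimate message can raise one.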
Ways recipients can protect themselves from fraudulent emails:
• Do not click on any links or open attachments from emails claiming to be from a bank or another trusted organization asking for information to be updated. Simply press delete.
• Do an internet search using the names or exact wording of the email or message to check for any references to a scam. Many scams can be identified
• Look for the secure symbol. Secure websites can be identified by the use of ‘https:’ rather than ‘http:’ at the start of the internet address. Legitimate websites that ask for confidential information to be entered are generally encrypted to protect the information a person enters.
Many types of phishing emails exist. Emails are an inexpensive and popular method for distributing fraudulent messages to potential victims. Some of the most fraudulent messages are from non-monetary hoaxes or non-monetary chain mail. Treat these as you would spam. If a person receives an email message that appears to involve money or asks for personal information, that person should not respond.
With PhishingBox, companies and organizations can conduct phishing simulations as an effective way to test employees’ security awareness and susceptibility to social engineering tactics. One employee mistake can have serious consequences for businesses and organizations. With stolen data, scammers can reveal commercially sensitive information or commit various acts of espionage.
PhishingBox helps identify and block phishing emails at the initial phase of most targeted attacks. Put PhishingBox to work for your company.