How to Recognize and Avoid Phishing Scams

By Michael Hensley, Director of Professional Services

As cyberattacks have become increasingly prevalent in recent years, the importance of effective cybersecurity preparation has grown exponentially. To safeguard assets and protect against hacking attempts, organizations have felt the pressing need to ramp-up their security measures by mandating appropriate training exercises and informational sessions for all employees.

Despite recent technological innovations that have limited the effectiveness of cybercrimes, hackers have shown an inclination to evolve. In what has become one of the most common forms of cybercrimes, phishing attacks use emails or malicious websites to solicit personal information from users. Hackers will often disguise themselves as a trustworthy organization to gain sensitive passwords, account numbers, or Social Security data.

Phishing scams can come in many different forms, including:

• Spear Phishing – emails targeting a specific individual, team, or department
• Vishing – calls or voicemail messages asking for personal or account information
• Clone Phishing – cloning a previous email you received from a legitimate company
• Smishing – SMS/text messages used to solicit personal or account information
• Whaling – emails attacking executives, department heads, or managers

If you’re looking to educate your employees about how to detect these various forms of cyber-scams, here are the most recognizable warning signs of potential phishing attacks:

Messages coming from a suspicious sender’s address

Cybercriminals often use an email address that closely resembles – but is not the same as – one from a reputable company. It is pivotal to examine the sender’s email before taking any action. If you notice mistakes or misspellings in the email address, it’s probably a potential cybercrime.

Emails with generic greetings and signatures

If you receive a message that contains a salutation or signature that is noticeably plain, it could be the sign of a phishing attack. While some of the most common greetings used by cybercriminals are “Dear valued member” or “Dear customer,” other hackers choose to neglect this standard opening altogether. An easy way to determine if an email is legitimate is if the sender addresses you by name.

Poor spelling, grammar, and sentence structure

Mistake-ridden messages present arguably the easiest way to spot email scams. Scammers generally target undereducated and less observant segments of the population and choose to purposely include errors are within the body of their email. If you receive a message that reads awkwardly – especially one from a reputable organization – assume that its contents are not valid.

Attaching fake invoices

Unsolicited emails with PDF documents or other files attached to them usually point to phishing attempts. Opening these attachments can trigger the spread of malware or other infectious viruses on your organization’s network. To avoid recklessly opening this kind of document, you should always confirm the sender’s address and verify that the file is one that you regularly receive.

While it is impossible to fully protect against a cyberattack, each employee can do their part to preserve the safety of their organization. By training workers to approach suspicious messages with proper diligence and care, phishing threats can be thwarted before they even begin – saving your organization from disaster.

Additional resources

We’ve created flyers for you to distribute and increase awareness in your organizations:

• Beware of Phishing Scams
• Phishing Attempts: What To Look For
• Types of Phishing Attacks

Interested in learning more about how you can implement suitable phishing training to protect your organization? Connect with Mike on LinkedIn or email him at hensleym@lumestrategies.com.

To learn more about emerging IT trends, visit our Lume blog.