Phishing Scams: How to Identify Suspicious Emails
How many emails do you get on daily? 20? 30? 50? It's hard to avoid signing up to receive emails because we don't want to miss out on the next big thing! But the more your email is out there, the more likely you are to start receiving some shady emails. Your email provider for sure has spam filters in place, but every now and then a suspicious email can make it to your inbox.
Sometimes these sus emails can be what's called "phishing" (pronounced "fishing"). Phishing is "an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques," according to the United States Computer Emergency Readiness Team (US-CERT) Website. These social engineering techniques can range from false phone calls, in-person visits, or emails, to more recently, social media campaigns.
TLDR: Phishing emails imitate legit companies by sending emails that look official. Everything in the email looks the same (like a logo or particular verbiage) and may link to a seemingly real business page. But in fact, they are taking you to a spam site to collect your personal information - specifically financial info. Ensue panic.
According to Fortune Magazine, KnowBe4 conducted a fake online phishing test from April 1 to June 30, 2017. They sent 6.6 million bogus messages to 2 million individuals. During their test 22,060 people fell for one of their top 10 phishing emails.3 Each of the participants that clicked on the link in the email could've caused a real data breach had it not merely been a test. It is noted that more individuals fell for alternative phishing emails, and this is only the number for those that clicked on one of the top 10. So that number, in reality, is even bigger than 22,000! Crazy, huh?
Percentages based on phishing emails that tricked 22,060 people (Q2 2017)
Seems a little more real, right? How often do you receive and click on links from emails similar to these subject lines? We are all at risk for falling for this false advertising because phishers are getting smarter and smarter with their tactics. It's a scary world out there, folks!
Phishing scams are scary no doubt, but you can avoid becoming a victim by getting familiar with fraudster "go-tos" and red flags.
False claims about your account to get you to reveal your information
Providing false information through messaging on social media platforms (namely Facebook or LinkedIn) to get you to give away your credentials
Emails "sent" by your boss/CEO to get wire transfers or other forms of payments sent somewhere, particularly overseas
Downloading documents or .HTML links so they can hack into your files
At Speedy Cash, we understand it's a difficult decision to trust your money and financial data with a business. Worrying about finances can be hard enough without also having to stress over possible data breaches and unsecure networks. Our employees are regularly trained to identify and defend our network against any phishing scams. We have a skilled Fraud Department that proactively mitigates and keeps up with any known scams falsely claiming to be Speedy Cash. Our webpages have earned the McAfee® SECURE and the Norton SECURED™ certifications, so you know that your information is with a trusted vendor. We also have an award-winning team dedicated to cybersecurity. #humblebrag
Ron Shuck, Director of Information Security at CURO Financial Technologies Corp (the holding company for Speedy Cash) provided some helpful tips regarding links in emails. "Instead of clicking on a link to view information about package delivery, type in the address for the UPS site or Google it, and go from there. Scammers will create links that look like the real deal with a subtle difference (e.g. www.speeedycash.com instead of www.speedycash.com). Notice the extra "e". These "fake" sites will look like the real site, but their purpose is to steal your information." Check out the airbnb email example. Notice anything off? How about the extra characters in the from email address? firstname.lastname@example.org
Ron also suggests, "The best protection is to avoid opening attachments unless you were specifically expecting one." He added, "It is important to remember these tricksters will replicate emails or even websites for legitimate companies to try and trick you."
Remember: never give your sensitive information to anyone unless you can verify that they are indeed who they say they are and that they should have access to this information.
The information included in this article has been reviewed and approved by Ron Shuck Director of Information Security at CURO Financial Technologies Corp.
1Verizon. (2019, May 19). Retrieved from enterprise.verizon.com: https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf
2 (2017, September). Retrieved from Webroot.com: https://www-cdn.webroot.com/8415/0585/3084/Webroot_Quarterly_Threat_Trends_September_2017.pdf
3 Robert Hackett. (2017, July 13). Retrieved from Fortune.com: https://fortune.com/2017/07/13/email-security-phishing/