We’ve all been there. You get an email in your inbox from your credit card company, a friend, or even your boss. The message is urgent and tells you that you must follow a link or download an attachment right away to avoid getting in trouble or to prevent fraud on an account. It’s so tempting to download the attachment or follow the link and give the personal information asked of you, because after all, the email told you it needed to be done RIGHT NOW! And you don’t want to be responsible for fraudulent charges on your credit card or to face a boss who is mad because you didn’t do what he asked.
But it’s those feelings of panic and dire importance that cyber scammers rely on.
Phishing emails are not new; they are as old as email itself. They are emails sent with the intent to trick you into downloading malware onto your computer or divulging your personal information. And while most of us know that an email from a Nigerian prince wanting to share his wealth isn’t legit, phishers are getting smarter and sneakier in their tactics. The IT department at Solutionreach has increased its focus on educating Solutionaries (their fellow Solutionreach employees) about ways to avoid falling victim to phishing emails. The information they distributed was too good to keep to ourselves, and we wanted to share their top five tips to avoid getting hooked by phishers.
- Don’t trust the display name. A common phishing tactic is to send the email from an address similar to one you would be expecting. A slight misspelling in the domain or alteration to the format of company email addresses is all it takes. Most businesses will choose a formula for creating a company email address, usually combining parts of the first and last name of each employee. You might be expecting an email sent by your boss from the email address ASmith, so you might not notice the email is actually coming from ASmith77 or that the domain has been changed from @alpinedental.com to @alpndntal.com. Be on the lookout for small variations like this.
- Look but don’t click. Before you open an attachment or follow a link in an email, make sure the message is coming from a legitimate sender. If you use Gmail, you can simply click on the dropdown menu to see the sender’s email address, and see if the message was sent through a third-party sender. On an Android device, the same information can be found by clicking ‘View security details.’
- Watch for mismatched or misleading URLs, hyperlinks, or attachments. Before you click on any links, hover over the linked text to view where the URL will redirect you. Internet scammers can set up fake websites and make them look legitimate in order to gain information from you like your username, passwords, and credit card numbers. Similar to the slight changes in email addresses mentioned above, these URLs may be variations of sites you would be comfortable visiting. For example, an email might say “Click here to log in to your Gmail account,” with all or some of the words hyperlinked. Hovering over the link will show you that instead of taking you to the familiar gmail.com page, the link will actually redirect you to an identical page at gmail.net-login.com, where any information you enter is being collected.
- Analyze the situation. Before clicking a link or downloading an attachment, take a few minutes to analyze the message and supposed sender. Scammers fill messages with urgent calls to action and threats of legal or financial trouble if you don’t respond right away, hoping to play to your feelings of fear and panic. So slow down, read the email, and determine if the contents would likely come from the person sending it. Were you expecting an emailed attachment from the sender? If it’s from someone within your company, is the information coming from the correct person or department? (For example, if the email asks you to verify information regarding your paycheck, is it coming from the person who handles payroll?) Also look for other clues, like spelling errors, poor grammar, or a tone that just doesn’t seem right.
- Report the email. If you receive a suspicious email, never click the links or open the attachments. If you suspect someone is trying to trick you, don’t communicate with them. Check with your company to find out what they would like you to do with phishing emails you receive.
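
The sender and link checks from the first and third tips can also be automated in a mail filter or triage script. The sketch below is an added example, not code from Solutionreach's IT department; the allow-lists, thresholds, and function names are assumptions built from the article's own sample addresses and domains.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-lists built from the article's own examples (assumptions).
TRUSTED_DOMAINS = ("alpinedental.com", "gmail.com")
KNOWN_SENDERS = {"asmith@alpinedental.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return (verdict, trusted domain the host belongs to or resembles)."""
    host = (host or "").lower().rstrip(".")
    for t in TRUSTED_DOMAINS:
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    for t in TRUSTED_DOMAINS:
        # Brand used as a label of someone else's domain: gmail.net-login.com
        if t.split(".")[0] in host.split("."):
            return ("lookalike", t)
        # Near-miss spelling: alpndntal.com vs alpinedental.com
        if edit_distance(host, t) <= max(1, len(t) // 4):
            return ("lookalike", t)
    return ("unknown", None)

def check_sender(from_header):
    """Judge the real address in a From header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    verdict, t = classify_host(addr.rpartition("@")[2])
    if verdict == "trusted" and addr not in KNOWN_SENDERS:
        return ("unknown-sender", t)  # right domain, unexpected mailbox
    return (verdict, t)

def check_link(href):
    """Judge where a link really goes, regardless of its visible text."""
    return classify_host(urlsplit(href).hostname)
```

The comparison is plain string matching, so it does not catch lookalikes built from visually similar non-ASCII characters.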
Email phishing is just one thing you need to be aware of to protect your personal information and that of your patients. For more information on keeping your practice secure, check out our webinar "Everything You Need to Know to Conquer Text & Email Compliance."