Wednesday, April 13, 2016
How to Recognize a Dangerous Phishing Email
By: Blake Perry with Keep IT Simple
How do you know that that rogue email from American Express about an unpaid invoice is real? How about the email from BestBuy, Costco or FedEx? Or the slew of other unsolicited emails you receive daily? Individual consumers are not the only targets made by cybercriminals. Businesses and medical practices are very often targeted by hackers and cybercriminals with emails that are designed to look completely legitimate and real as a form of introducing malware, viruses, and trogans to your computer and practice network. You are often asked to click a link, download an attachment, or provide some personal information or credit card information. This type of scam is called phishing, and is becoming a very real threat to your medical practice.
There are 5 things to look for when reviewing incoming email that can help keep your office and your data safe.
1. Real companies will use your name.
Legitimate emails from legitimate companies in which you have an actual account will always use your name. Emails that start with vague introductions such as “Dear Customer” or “To Whom it May Concern,” or similar context should immediately alert you to something suspicious.
2. Safe emails will come from a registered domain email address.
If you receive an email from a company such as American Express, it should specifically be from firstname.lastname@example.org, which reflects a registered domain email address. Emails from non-registered domain email addresses, such as email@example.com, are almost always dangerous, should be highly avoided, and quickly deleted.
3. Spelling and Grammar
A real email, from a real company, for a real reason, will always be spelled correctly and use proper grammar. For example, if you receive an email from firstname.lastname@example.org that uses a subject line like “You have missed a invoice,” this is considered to be very suspicious and should be promptly deleted. Sometimes the spelling is correct, but the grammar doesn’t quite make sense. If the email seems off and you can’t put your finger on it, it is probably a phishing scam.
4. An actual company will never ask for sensitive information.
Companies that you do business with will never contact you via email to ask for billing information or personal information about you. Never send your credit card number to anyone via email or give any specific personal information about yourself. Once you click send, it’s out in cyberland and will be too late to stop a hacker. If an email you receive asks for any credit card, billing, or personal information without requiring you to sign in to an account you already have set up, stay far away.
5. Legitimate companies will never send you an unsolicited attachment.
Lots of medical practices are receiving emails that look and feel exactly like an email they would normally get, but may include an attachment. There usually isn’t an attachment from a legitimate company. Proper invoices and company information will always be available through a secure portal on a legitimate company website.
It is imperative that you and your office staff begin implementing these critical items into your daily email checks to prevent phishing attacks via email. The number one cause of dreaded ransomware, where your office data is encrypted and the only course of action is to reformat and restore from a backup, is a phishing email. The nastiest virus known to be circulating right now may be sitting in your email inbox waiting for you to mindlessly click that link. Once you click, there’s no turning back. Take the time to educate yourself and your team on how to identify these types of vulnerabilities. If you ever have a doubt or a question about an email, immediately delete it and call the company in question to inquire about the noted issue. If they have no idea what you’re talking about, congratulations, you just avoided what could have been the worst virus infection your office has ever seen.