Phishing email scams are among the common scams in circulation. Essentially, they’re created to trick you into believing they’re from a trustworthy source—a friend, perhaps, or a corporation. Their creation and designs are often sophisticated. In many cases, they look identical to legitimate emails from legitimate companies, and that’s how they trick you.
The point of a phishing scam is to trick you into believing you’ve received a legitimate email. The emails might offer incredible savings or warnings. They always include a link of some sort. Tricking or persuading you into clicking the link is the point of the scam. Clicking the link can infect your computer or device with malware, which can put your personal information at risk. Collecting this information—often to perpetrate identity theft—is ultimately the point of a phishing scam.
The Impact of Phishing on Business
Since phishing scams are so effective, they’re on the rise. As a result, they affect millions of people. The Anti-Phishing Working Group, an organization dedicated to tracking scams and educating people, states that phishing scams increased by 65% between 2015 and 2016. In those years combined, phishing scams affected nearly 2 million people.
These scams cost millions, especially for American businesses. According to statistics, the average business with upwards of 10,000 employees spends more than three and a half million dollars a year combating phishing scams. Combined, businesses in America alone lost over 500 million dollars every year to phishing scams or to fighting them.
Most people are connected online in some way. Businesses these days rely on the internet for a variety of reasons. Since so many people are connected, scams of all varieties, including phishing scams, are rising. Mega corporations such as Apple, Google, and Equifax are susceptible to them. No one is immune from them. Recently, news of the breach at Equifax has riled citizens and politicians alike.
Tips to Keep Yourself Safe from Phishers
This is a layered approach to security, one you’ve probably encountered. Essentially, a 2-step authorization adds a failsafe to websites holding your personal information. Many websites offer this approach, and you should take them up on their offer. Here’s how it works: you punch in your username and password. Then you’re directed to a screen asking you to input a security code. The most common means of receiving this code is via text messaging. A few seconds after you’re directed to this screen, you should receive a text with the security code. Entering the code verifies your identity. It’s a great added layer of security. Take advantage of it whenever a site or app offers it.
Check the Sender’s Address
As we mentioned in the opening section, phishing scams work because they replicate emails from legitimate sources—some even down to the HTML coding. As a result, many fraudulent emails are indistinguishable from legitimate ones. Sometimes, scanning the email alone might not alert you to the fact that it’s a scam. One way of discerning the legitimacy of the email is to check the sender’s address. Major corporations use addresses associated with their companies—and they use .com, .org, .co.uk, etc. Phishing scams use bogus email addresses that are easily detectable as fake. If you receive an email from Amazon warning that your account has been suspended, and the email was sent from email@example.com, then it’s safe to assume this is a phishing email. Mark it as junk and delete it promptly.
Be Wary of Urgent or Emergency Emails
Quick! Act! Don’t think! Something terrible has happened or is about to happen, to your account, and you must address it immediately. Don’t think! Click this link! This is the gist of many phishing emails. They use language to create a sense of urgency to manipulate you into lowering your guard and clicking a link. The point of emails with strong language is to prevent you from thinking and to convince you to click that link as quickly as possible. Whenever you receive an email that creates some sense of urgency, then you should raise your guard and scrutinize it.
Look for “HTTPS”
Websites these days incorporate a layer of cyber security into their designs and servers. The key to identifying which sites are operating on secure servers is to check the URL. All URLs begin with “http” or “https.” You should only input personal information—including usernames and passwords—into websites with “https”—the “s” means the site is secure. Never put your personal information on sites with a URL beginning with “http.” These sites are not secure. Entering your information might immediately compromise it.
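The three checks described above (sender address, urgent language, and “http” links) can be run over a message automatically. The Python sketch below is an added example, not part of the original article; the brand-to-domain table, the list of urgency phrases, and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed mapping of brand names to the domains they really send from (illustrative).
KNOWN_BRANDS = {"amazon": {"amazon.com", "amazon.co.uk"}}
# Assumed urgency phrases; tune these for your own mail.
URGENCY = re.compile(r"\b(immediately|urgent|act now|suspended|within 24 hours)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)


def sender_mismatch(from_header):
    """True if the display name claims a known brand but the domain is not that brand's."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name.lower():
            # Accept only the brand's own domains and their subdomains.
            if not any(domain == d or domain.endswith("." + d) for d in domains):
                return True
    return False


def triage(raw):
    """Return the list of warning signs found in one raw, single-part email message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    if sender_mismatch(msg.get("From", "")):
        flags.append("sender-domain-mismatch")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgent-language")
    if any(urlparse(u).scheme.lower() == "http" for u in URL.findall(body)):
        flags.append("non-https-link")
    return flags


# Constructed sample message (not a real email).
SAMPLE = (
    "From: Amazon Support <email@example.com>\n"
    "Subject: Your account has been suspended\n"
    "\n"
    "Act now to restore access: http://example.com/verify\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty result only means none of these three signs were found in the message.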
Enroll Yourself in Security Training Classes
Businesses now exist to educate people in cybersecurity and identifying online scams such as phishing. These online cybersecurity classes are designed to educate and inform. They equip people with the knowledge to battle phishing scams. Many training classes are offered online. They’re great resources, and you should consider using them.
It’s easy to fall for a phishing scam. Millions of people do it. These scams are engineered and released by sophisticated scammers with one objective: to obtain your personal information, often for fraudulently accessing money in your name. Identifying phishing scams is key to avoiding them. Knowledge, as they say, is power.
Steve Orowitz is a recently retired small business operator and is now a consultant. He is passionate about entrepreneurship, travel, and technology. When he isn’t consulting, you can usually find him out on the river with his fly rod, or hiking in the hills near his home in Fort Collins, Colorado.