Cybersecurity experts warn that email scams are becoming much harder to spot, putting businesses at risk. Scammers target businesses since they have the most abundant resources to steal.
Cybercriminals know that taking control of a business network can create a high-stakes situation for an organization’s leadership. This can lead to big ransomware payouts if leaders panic, or easy paydays from social engineering scams.
Practicing proactive cybersecurity rather than waiting for an attack to happen is essential. The acronym SLAM (sender, links, attachments, message) can help you spot phishing emails and avoid scams.
Sender: Spotting Phishy Email Addresses
Scammers know that you’re unlikely to fall for an email from a random email address. They make email addresses that look like real services and businesses to trick you into thinking they're real.
Fake addresses might have a zero instead of an “o”, or a lowercase “L” instead of an uppercase “I”. Sometimes, threat actors will add harmless words like "Support" or "HelpCenter" to regular business names. This makes them look like social media sites or other services trying to contact you. Some examples of fake email addresses posing as real companies are:
- FacebookSupport
- MicrosoftHelpDesk
- ChromeAccountCenter
- Hubspot_customerhelpline
Keep in mind when you receive emails from addresses like these if you’re expecting an email from that service. If you’re not, you should be highly suspicious that it’s a social engineering scam.
Links: When In Doubt, Don’t Click!
A good rule to follow is to avoid clicking links within emails whenever possible. These links are often vehicles for malware to infect your computer or steal your data. Any unexpected emails that urge you to click a link should raise a red flag.
You can check the address of a link by hovering your mouse over it. Attributes to look out for when vetting an unknown URL include:
- Whether it is leading to a page it says it is
- Misspellings
- Unexpected password reset links
If you’re unsure about whether a link in an email is malicious, don’t click it. Instead, it's always best to check the native website or app to verify if it’s a real message.
Attachments: Inherently Risky to Network Security
Attachments should cause concern when they’re coming from an unknown source. Only open them if you recognize the sender’s address and are expecting their email. Files like Excel, Word, or PDFs can have harmful software that infects your device or steals personal data. This makes them inherently dangerous if you’re not completely sure they’re safe.
Message: Cyber Threats Disguised as Customer Service
The ironic tricks cybercriminals will pull include emailing you saying you’ve been hacked. They often ask you to do something to reveal your credentials like resetting your password. Other common phishing scams might look like:
- Tech support for a service or social media platform asking you to verify personal information (angler phishing)
- Quizzes or surveys to enter a contest or get a sales promotion
- Overly personalized emails using information specific to you (spear-phishing)
- An email posing as a high-level executive in your company asking for a favor (whaling)
Beware of these messages, as they are specifically designed to elicit a response or desired action so scammers can steal your information. To read more about cyber readiness for email scams, read our article: Top 6 Email Security Tips for Employees.
Consequences of Successful Phishing Attacks
When cybercriminals get you or your employees to fall for a phishing scam, they can use stolen information to sell on the dark web. There is a growing market for stolen credentials, often referred to as the business of cybercrime.
Phishing scammers will also get victims to wire money or send gift card numbers, which they’ll immediately convert into hard-to-trace cryptocurrency.
How Data Security Regulations Factor In
Some industries are especially vulnerable to cyber attacks since they deal with sensitive data. In recent years, regulatory authorities have revised cyber regulations surrounding consumer data protection, imposing more requirements on businesses.
Industries like healthcare and finance have seen harsher consequences for neglecting cybersecurity since these breaches are especially harmful. Many businesses lack the basic tools for fending off attackers, so regulators are cracking down in response.
The NY State Attorney General fined a home healthcare company over $300,000 for negligence that caused an attack. For the finance sector, FTC safeguard rules now also apply to automotive dealerships.
How to Approach Cybersecurity Risk Management
As cyber-attacks continue to harm businesses every day, you’ll need to have a proactive approach to cybersecurity tools. This means taking the time to learn about the threats that are out there and ways to reduce the risk of a network breach. Some cyber security must-haves include:
- Implementing multifactor authentication (MFA) into your network infrastructure
- Enforcing the use of strong passwords and frequent resets
- Requiring regular cybersecurity awareness training for employees through your managed cybersecurity provider
- Getting cyber insurance and ensuring you meet the minimum requirements
- Partnering with an MSP that can perform a network assessment to determine weak points
- Using dark web scanning tools to determine if your data has been stolen.
To find out if your credentials are already circulating the dark web, you can get a free dark web scan here. To learn more about outsourced tech support to guide you on cybersecurity and network assessment tools, click here.
If you’re unsure how to upgrade your cybersecurity strategy and tools, click the button below to access our free cybersecurity checklist. You'll be able to learn the basics and enhance your strategy with our cybersecurity essentials PDF on mitigating risk.
