Fake emails are one of the biggest security threats online against private individuals and companies. Behind these emails are scammers trying to steal your personal information to abuse this. In a survey conducted by Intel Security, 80% of people cannot identify phishing emails.
What is a fake email and what is phishing?
A fake email is a type of fraud. Most of the times so called phishing is used. Phishing is a term for digital spying or “fishing” for sensitive information, such as passwords or credit card information.
A phishing email will try to cheat the receiver into believing the sender of the email is someone else. The email will contain logo and other elements to give the impression its a serious and genuine email. It will encourage you to click the links in the email. These links will lead to what may appear as a serious website, such as Google, DNB or any other companies we deem as secure and trustworthy. In reality you have now accessed a fake website created by the scammers, who will have access to any information you enter on the website.
An increasing issue
Statistics shows that phishing and fake emails is an increasing issue when it comes to security. According to “Enterprise phishing resiliency and defense report” phishing has increased with 65% in 2017. Wombat security reports in “2018 state of the Phish” that 76% of companies had reported being subject to phishing attacks in the past year.
As much as 95% of all attacks on company’s networks are the result of a successful spear phishing attack (an advanced and targeted form of phishing often directed towards companies) according to Networkworld.
There are several precautions you can do in order to avoid being a victim to fake emails and phishing, as a person and a company. An advanced and sophisticated spam filter is the first line of defense since this will stop many of the fake emails. All our web hosting includes spam filter. If you have Pro Premium hosting you also have access to SpamExperts, which is a more advanced and accurate spam filter.
Since the human factor is the weakest link when it comes to this problem, the most important measure you can do is get yourself (and your employees) familiar with some guidelines:
Do not trust senders name
One of the most used tactics for fake emails is abusing the senders name. Do not trust the senders name, but also check the email address as well. If it seems suspicious, do not open the email.
Look, but do not click
If the email contains links, hover the mouse over these to check where they lead but do not click. If the link appears suspicious, do not click them.
Check for spelling mistakes
Companies and organizations are meticulous with their emails. Serious emails normally do not have spelling mistakes or poor language.
Analyze the subject
If the email is addressed to “Dear client” it could be a sign of a fake email. Companies and organizations normally use a greeting including at least the first name of the client.
Do not give out personal information
Banks and companies with access to sensitive information will never ask you to provide this information via email.
The use of “urgent” or any threatening language in the subject
Giving the impression the email is urgent or using fear is a tactic often used in phishing emails.
Check the signature
Lack of details regarding the sender and how you can contact the company is often a sign of phishing. Serious companies will always include their contact information.
Do not open attachments
Fake emails often include attachments with malware. If you open this it can destroy files on your computer, steal your passwords or even spy on you without your knowledge. Do not open attachments you did not expect to receive.
These fake emails have become highly sophisticated. Even though an email has the company’s logo, correct spelling and appears to be a valid email, this does not mean it is. Be skeptical and if you find an email to be suspicious, do not open it.