The latest phishing scams are designed to look like they come from large, reputable companies such as Verizon, AT&T or USAA. The graphics in the fake emails are identical to those in the legitimate emails. They get you to click their links to “update your information” and, before you know it, you have given them everything they need to apply for credit cards or set up another identity with your information to make purchases, apply for loans, etc.
The good news is that it is very simple to tell if the emails are fake by taking notice of the sender’s email address. Don’t get fooled by the display name alone. The email address, and in particular the domain after the @, should match the company shown in the display name. This is more difficult on mobile devices because you will only be able to see the display name. However, it is fine to open the email itself (without clicking any links inside it) just to verify the email address. When in doubt, call or email your IT department to verify for you.
In addition to the sender’s email address, you should be able to tell that an email is from a hacker based on the wording in the emails. There is usually a sense of urgency and the use of threats to motivate you. For instance, “We will cut you off from a service unless you click the link”. Words like “De-activate!”, “Suspend!” and “Shut down!” are commonly used as scare tactic words. A legitimate company will not use this verbiage. See samples below of real versus fake.
I strongly encourage you to train your employees well to look out for phishing attacks and other potential cyber threats. Your policies should include requirements for this kind of training. If you need help with those policies or recommendations for bringing in outside IT training, please do not hesitate to contact me.
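The two checks described above (display name versus sender address, and scare wording) can also be run automatically over incoming mail. The following Python sketch is an added example, not part of the original post; the brand-to-domain allow-list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword in the display name -> domains that brand
# is expected to send from. Illustrative only; maintain your own list.
BRAND_DOMAINS = {
    "verizon": {"verizon.com"},
    "at&t": {"att.com"},
    "usaa": {"usaa.com"},
}
# Scare wording named in the post, matched case-insensitively.
URGENCY = re.compile(r"de-?activate|suspend|shut ?down|cut you off", re.I)

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return the reasons a message looks like phishing (empty list if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            reasons.append(f"display name says {brand!r} but sender domain is {domain!r}")
    body = "" if msg.is_multipart() else msg.get_payload()
    hit = URGENCY.search(msg.get("Subject", "") + "\n" + body)
    if hit:
        reasons.append(f"urgency wording: {hit.group(0)!r}")
    return reasons

# Constructed sample messages (not real mail).
FAKE = """From: "Verizon Wireless" <billing@verizon.account-update.example>
Subject: Your account will be SUSPENDED!

We will cut you off from service unless you click the link.
"""
REAL = """From: "Verizon" <notify@email.verizon.com>
Subject: Your bill is ready

Your monthly statement is available in your account.
"""

if __name__ == "__main__":
    for name, raw in (("FAKE", FAKE), ("REAL", REAL)):
        print(name, check_message(raw) or "no findings")
```

This inspects only the visible From header, the same thing the post asks a reader to look at; it does not replace SPF, DKIM and DMARC validation on the mail server. The suffix check is why a sender domain that merely begins with the brand name is still flagged.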