Phishing is a key tool used by cyber criminals to compromise businesses. People are busy getting work done, and the last thing on their minds is verifying the legitimacy of the emails they receive. They get so many, so who has the time to check? This is what the cyber criminals are counting on.
A common practice is to spoof the sending address of the email, so while it may display the name of the person you know, the sending email address may be different from the supposed sender’s actual address. And if the cyber criminals have done their homework, they use social engineering so that the email fits the profile of the supposed sender very closely. Hackers, like other professionals, are continuously improving their craft and getting better.
Depending upon what email platform you use, you may be able to tell whether the address is spoofed by looking at the sender section of the email. With that said, even if it looks like the real sending address, it may still be a phishing email. The person’s mailbox could have been hacked, in which case the hackers will use it to send out phishing emails to all the person’s contacts.
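The sender check described above, as an added example that is not part of the original article: it compares the display name in the From header with the address you have on file for that person. The address book, names, addresses and sample messages are constructed assumptions.

```python
from email import message_from_string, policy

# Constructed address book (assumption): display name -> address you have on file.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Compare the From header's display name with the address on file."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if from_header is None or not from_header.addresses:
        return "no-sender"
    sender = from_header.addresses[0]
    # Normalise case and whitespace; policy.default has already decoded
    # any RFC 2047 encoded words in the display name.
    shown_name = " ".join(sender.display_name.lower().split())
    actual_addr = sender.addr_spec.lower()
    expected = contacts.get(shown_name)
    if expected is None:
        return "unknown-sender"
    if actual_addr != expected:
        # Familiar name, unfamiliar address: the spoofing pattern above.
        return "display-name-mismatch"
    # A match is not proof: a compromised mailbox sends from the real address.
    return "address-matches"

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e-mail.test>\n"
           "Subject: Urgent: review file\n\nSee attached.\n")
FROM_REAL_ADDRESS = ("From: Jane Doe <jane.doe@example.com>\n"
                     "Subject: Urgent: review file\n\nSee attached.\n")
STRANGER = "From: Sam Roe <sam@example.org>\nSubject: Hello\n\nHi.\n"

if __name__ == "__main__":
    samples = [("spoofed", SPOOFED), ("real address", FROM_REAL_ADDRESS),
               ("stranger", STRANGER)]
    for label, raw in samples:
        print(label, "->", check_sender(raw))
```

An `address-matches` result only rules out the display-name trick; an unexpected request still calls for verifying with the sender directly.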
So, let’s say you receive an email supposedly from someone that you know. It looks legitimate on the face of it. Typically, it may have an attachment for you to open, a link for you to click, or request some other action from you, like wiring money. It will usually have a tone of urgency, attempting to trick you into acting quickly without thinking it through. It may, for example, look like your boss asking you to review the file that is attached, or something of that nature. In short, if you were not expecting the email, do not act on any of the content in the email. Call the person directly to verify, using a contact number that you have on file, and do not perform any action referenced in the email.
If they say it’s not theirs, delete the email immediately. If you are in doubt, delete the email anyway. Better safe than sorry. The sender can always resend the email if it was legitimate. Moreover, the supposed sender may very well have been hacked and not even know it, so you would be doing them a good service as well by calling them. At the very least they can check it out on their end to make sure they are secure.
In the rush of getting work done during your workday, it is important to always keep security awareness front and center. Cyber criminals are counting on us to drop our guard, and one mistake on your part can be very costly. Always be security aware and watch out for those phishing emails!