Recently, one of our clients received an email from a trusted vendor explaining that the client would need to start sending payments to a new bank account. Our client reached out to the vendor for clarification―and was informed that the vendor’s banking information hadn’t changed at all. They had almost fallen victim to a phishing scam.
Phishing Scams Are Designed To Trick You
“Phishing” is when a scammer lures you into giving up money or sensitive information by pretending to be someone you know, usually via email or text. They may pretend to be a coworker, a business partner, or even a representative from a company like Google; whoever they’re pretending to be, their goal is to get your money or sensitive information.
Recognizing Phishing Early Can Prevent A World Of Trouble Later
If you’ve ever checked your spam folder and noticed fake emails pretending to be from a company like Facebook or Netflix, you’ve been the target of phishing. It might not seem like a big deal, but successful phishing attempts can have wide-reaching consequences. For example, if a phisher gains access to your Netflix account, they can see the last 4 digits of your credit card―and they can use that bit of information to “verify” themselves to gain access to your other accounts.
You may not even be aware of how a phisher is using your information. For example, they might gain access to your email and secretly scrape your contacts list for more potential victims. Or they might ask several of your employees to do a small task such as sending a gift card; once they’ve found an employee who complies, they’ll push them to do tasks that are increasingly detrimental to your business. Even “small” phishing scams can quickly snowball into bigger issues that could cost you tens of thousands of dollars.
These Are The Warning Signs Of A Phishing Attempt
Each phishing attack is different, but you should be suspicious of any email or text message that has any of the following features:
- The message asks for login information, credit card numbers or even personal information such as your birth date.
- The message makes unusual requests (such as adding an unknown administrator to your website or buying gift cards in bulk), usually with a sense of urgency.
- You recognize the sender’s name, but it is misspelled or the message comes from a slightly different email address than usual.
- Despite being from a “professional,” the message contains poor grammar and misspelled words.
- The message came from a contact form on your website instead of a direct email from someone you trust.
Take These Steps To Combat Phishing
The best protection against phishing is to stay diligent and think before you answer requests. Familiarize yourself with the warning signs above, and take these steps to prevent yourself from falling victim:
- Never send sensitive information such as logins or bank information via email.
- Never complete a “password reset” that you didn’t request.
- Never click links or open attachments from a sender that you don’t recognize, and check the URL of any link before clicking it, even from trusted senders.
- If you receive an email that feels suspicious or involves money or sensitive data, call a trusted contact at the company in question and ask about it.
For more general tips about recognizing and combating phishing attacks, please check this handy guide from the FTC. It’s a great resource for passing to your employees too!
DMARC Can Prevent Phishing Attacks From Arriving In Your Inbox
If you’re a business owner, it’s important that you inform yourself and your employees about phishing scams and how to deal with them. Unfortunately, even the best employees make mistakes; that’s why it’s important to use every tool at your disposal to prevent phishing scams from even making it to their inboxes. DMARC is one such tool.
DMARC is essentially a digital signature technology that verifies legitimate emails sent from your company, combined with a set of instructions for what to do with emails that are not legitimate. With DMARC enabled on your email accounts, illegitimate emails will be sent directly to your spam folder or blocked entirely. Crucially, this can also prevent emails that pretend to be your company from making it to other people’s inboxes.
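The "set of instructions" is published as a DNS TXT record whose p= tag tells receiving mail servers whether to quarantine (spam folder) or reject (block) failing mail; a p=none record only monitors and does neither. The following check is an added example, not Estland's code, and example.com and the report address in it are constructed sample values:

```python
# Added example: read a DMARC policy record (a DNS TXT record at _dmarc.<domain>).
# example.com and the report address are constructed sample values.
ACTIONS = {
    "none": "monitor only: failing mail is still delivered",
    "quarantine": "failing mail goes to the spam folder",
    "reject": "failing mail is blocked entirely",
}

WEAK = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(record):
    """Return the record's tags as a dict; raise ValueError if it is not DMARC."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # The version tag must come first and must be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record (must start with v=DMARC1)")
    if tags.get("p", "").lower() not in ACTIONS:
        raise ValueError("missing or unknown p= policy")
    return tags


def assess(record):
    """Describe what receivers are asked to do and list weak settings."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy covers
    findings = []
    if policy == "none":
        findings.append("p=none does not keep spoofed mail out of inboxes")
    elif pct < 100:
        findings.append(f"policy applies to only {pct}% of failing mail")
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports arrive")
    return {"policy": policy, "action": ACTIONS[policy], "findings": findings}


if __name__ == "__main__":
    for rec in (WEAK, STRONG):
        print(rec, "->", assess(rec))
```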
Estland Can Protect Your Brand From Phishing
It’s important not only to protect yourself from phishing attempts but also to protect your brand from being soiled as a result of phishing attempts on others. That’s why Estland’s Harrisonburg marketing services include email setup with DMARC, SPF and DKIM enabled by default. In combination with our email deliverability tracking, this ensures deliverability and safety for all of your company’s emails.