How to recognize a phishing email attack

Ken McGonigal
2 min read · May 15, 2020

If you don’t know what a phishing email attack is yet, then you may have been stranded on an island for a while. Well, welcome back to civilization; it’s good to have you back.

Phishing is a sophisticated type of email campaign designed to trick you into giving up personal information like banking credentials, or into buying things that can be used as digital currency, like game cards and cryptocurrency.

If you are wondering how they get your email address, here is a quick explanation: the hackers use programs which search the internet for the @ symbol, which is common to all email addresses. They also look for names and titles so they can impersonate your boss or IT team members. They can also acquire addresses, legally or illegally, by buying email lists. If you have ever signed up for a subscription, did not read the privacy policy and just clicked “I agree” at the end, then your email address is out there on a list somewhere. They can also get your email address from your friends or colleagues if their computers have been infected with malware.

A recent scam email I encountered from a client was an email asking the recipient to buy some eBay gift cards in the $25 to $200 range. The instructions were to scratch the codes, take pictures of the codes and email the pictures to the email provided.

There are red flags all over this email:

  1. Wrong email address from sender. In this case it was “executivedirector8852@gmail.com”.
  2. The request to buy gift cards, scratch them and send the codes to another email address.
  3. Bad grammar.

The obvious reason for this request is so the hacker can sell the codes or use them to buy things from eBay.
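The first two red flags above can be checked automatically before a message reaches an inbox. The following is an added example, not part of the original post: the freemail list, title list, keyword patterns, flag names and both sample messages are constructed for illustration (only the sender address comes from the email described above), and bad grammar is left to the human reader.

```python
from email import message_from_string, policy
import re

# Assumed lists for this example; tune them for your own organization.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
TITLES = ("director", "president", "manager", "chief")
GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
CODE_ASK = re.compile(r"\b(scratch|codes?|pictures?|photos?)\b", re.I)

def red_flags(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    frm = msg["From"]
    sender = frm.addresses[0] if frm and frm.addresses else None
    if sender is None:
        flags.append("no-sender")
    else:
        # Red flag 1: a job title claimed from a free webmail account.
        claimed = (sender.display_name + " " + sender.username).lower()
        if sender.domain.lower() in FREEMAIL and any(t in claimed for t in TITLES):
            flags.append("title-on-freemail")
    # Red flag 2: gift cards plus a request to scratch or send the codes.
    part = msg.get_body(preferencelist=("plain",))
    text = str(msg["Subject"] or "") + "\n" + (part.get_content() if part else "")
    if GIFT_CARD.search(text) and CODE_ASK.search(text):
        flags.append("gift-card-codes")
    return flags

# Constructed sample messages (not real mail).
PHISH = """\
From: "Executive Director" <executivedirector8852@gmail.com>
To: staff@example.org
Subject: Quick task

I need you to buy some eBay gift cards. Scratch the codes,
take pictures of them and email the pictures back to me.
"""
BENIGN = """\
From: "Pat Lee" <pat.lee@example.org>
To: staff@example.org
Subject: Meeting minutes

Minutes from Tuesday's meeting are attached.
"""

if __name__ == "__main__":
    print(red_flags(PHISH))   # ['title-on-freemail', 'gift-card-codes']
    print(red_flags(BENIGN))  # []
```

A message that trips either flag is worth confirming with the supposed sender by phone or in person before anyone acts on it.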

In this case the recipient is a very nice person who almost carried out the request because it was from her boss. It was the request that bothered her because it was so unusual.

Other emails like this may have threats attached, like “buy the cards or we will report you to the IRS or to the police for something you did.” Or better yet, they tell you to pay your taxes with the gift cards. I do not believe any government would ask to be paid in gift cards.

So phishing emails are not always a virus or ransomware attempt, but they can be. Many of these phishing attacks are just scammers (criminals) trying to acquire either sensitive information or money in some transferable form like gift cards or cryptocurrency.

Until we have something more secure than email for our business communications, we will have to educate ourselves and our staff to prevent these attacks. So be vigilant, observant and skeptical when you are reading your morning emails.

Stay safe out there.
