Protecting yourself and your business from phishing in the holiday season

Spam emails have evolved over time from easy-to-spot messages into cleverly crafted phishing campaigns. Through realistic graphics, well-chosen domain names, and better writing, they can often fool some of the savviest users into believing they are legitimate.

Holiday shopping season is here, and cyber criminals will often tailor phishing campaigns to take advantage of it. They craft emails about failed parcel deliveries or problems with your credit card, bank account, or PayPal account, knowing that you might be using these services more than usual and that a problem with any of them could disrupt your purchases or cause your business to lose sales if you're unable to process payments. Threats like these create a false sense of urgency that can make even a typically shrewd email user forget best practice and click a link they later wish they hadn't. To the attacker, that false sense of urgency is mission accomplished.

Before you click that link in an email saying you missed your Amazon or other parcel, think. Are you actually expecting a parcel? Are the email addresses in the ‘from’ and ‘reply to’ fields the same, and are they correct for the sender? A legitimate business is unlikely to send emails from a version of its domain name that isn’t spelled correctly or substitutes a number for a letter, for example. If you hover over any links in the email, does the URL revealed match the legitimate URL of that company? Does the salutation address you by name? Financial institutions in particular typically address you by name, not with a generic salutation like ‘Dear Customer.’

The best way to protect yourself if you are concerned there could be an issue with an online account is to open a new browser and go to the site directly by typing the URL into the browser. Remember your bank is unlikely to contact you about an urgent matter through email. If in any doubt, call their customer service number and check your account on the phone. Check your PayPal account by navigating to PayPal yourself in a browser. Never open attachments in a suspicious-looking email as they could be infected with viruses. If a shipping company has your email address, you should have a tracking number for the delivery and should be able to navigate to their site directly to check delivery status. If you don’t have an overdue parcel and a tracking number, assume any contact from a delivery company is a scam. Emails pretending to be from streaming services such as Netflix should also be treated with suspicion around holiday periods.

It’s a good idea to make sure you are using strong, unique passwords on each account, and to have a password policy in your business that enforces strong password use. It’s also worth asking staff not to use their work email address for any personal accounts, to limit the amount of phishing and spam email received within your business. One of the best defences against phishing emails is preventing or filtering them before they ever reach a user. If business email addresses are only given out for business reasons, they are less likely to end up in spam or phishing campaigns.
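
The manual checks described earlier (differing ‘from’ and ‘reply to’ addresses, a sender domain that swaps a number for a letter, a link whose real destination differs from the address shown, and a generic salutation) can also be applied automatically as part of filtering. The sketch below is an added example, not code from any particular mail filter; the trusted-domain list, the flag names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the brands you actually deal with; adjust for your business.
TRUSTED = {"amazon.com", "paypal.com", "netflix.com"}
# Digits commonly substituted for letters in lookalike domains.
DIGIT_SWAPS = str.maketrans("01345", "oleas")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")

def domain_of(header):
    """Return the lower-cased domain of an address header ('' if absent)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_flags(raw):
    """Return the warning signs found in a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    flags = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    if from_dom not in TRUSTED and from_dom.translate(DIGIT_SWAPS) in TRUSTED:
        flags.append("lookalike-sender")
    for href, text in LINK_RE.findall(body):
        # Compare where the link really goes with the address it displays.
        host = (urlparse(href).hostname or "").lower().removeprefix("www.")
        shown = HOST_RE.search(text.lower())
        name = shown.group(0).removeprefix("www.") if shown else host
        if host != name and not host.endswith("." + name):
            flags.append("link-mismatch")
    if re.search(r"\bdear (customer|user|client|member)\b", body, re.I):
        flags.append("generic-salutation")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """\
From: Amazon Delivery <support@amaz0n.com>
Reply-To: claims@parcel-help.example
Content-Type: text/html

<p>Dear Customer,</p>
<p>Reschedule: <a href="http://parcel-help.example/t">www.amazon.com/track</a></p>
"""

if __name__ == "__main__":
    print(phishing_flags(SAMPLE))
```

Flags like these are signals for quarantine or a warning banner rather than proof; a message with none of them can still be phishing.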