Businesses have a lot of data to safeguard. This is especially true with lists of recipients for your marketing campaigns.
We don’t wanna scare you but APWG reports that in March of 2022, there were nearly 400,000 individual phishing attacks, and phishing is likely to outpace the growth of almost any industry with over 1m attacks in Q2 of 2022 alone! 😱
Accessing software to conduct phishing attacks has never been easier. You’ve heard of Saas, but we now have PhaaS and MaaS.
PhaaS: Phishing as a Service
MaaS: Malware and a Service
These services offer access to data-breached email lists in exchange for a subscription fee. Business is booming and likely sustaining the cybercrime market for the foreseeable future.
A lack of technical expertise is one of the leading causes of successful cyber attacks so here are some of the first steps you need to follow to keep you and your client's information safe.
🧠 Knowledge is the best defense
Check for these major red flags in your inbox. They usually mean you are being phished:
- Urgent messages or emails requiring immediate action
- Unusual greetings or grammar mistakes
- Email and URL discrepancies
- Visual or design errors
- Offers that are ‘too good to be true’
1️⃣ Urgent messages or emails requiring immediate action
These emails often request you to change a password or billing information and are almost always malicious. They may even provide a phone number to call so that the phishers speak directly to you and request information like account numbers.
Threats like shutting off a service without payment or unexpected debt repayment are great icebreakers for these bad actors. 🙅♀️
2️⃣ Unusual greetings and grammar mistakes
Easily spotted in the subject line or body of the email, a single letter can give them away. Large companies pay a lot of money to hire writers and editors to ensure there are no mistakes in outgoing communication.
3️⃣ Email and URL discrepancies
Check to see if the sender of the email is really who they say they are. The sender email should correlate to either the brand or person you are speaking to. For example, Shopify Support will send follow up messages from firstname.lastname@example.org . If something doesn’t look right, it probably isn’t.
You can also copy and paste the links from suspicious emails into Google’s transparency tools to ensure that there isn’t any harmful content within the webpage.
4️⃣ Visual or design errors are identified in the company’s logo or signature
Phishers will imitate popular logos with JPG or PNG files. You may also be able to see a background in the image that doesn’t match the color of your webpage.
5️⃣ Offers that are too good to be true
Let’s face it, times are tough, and people want financial relief. Phishers know this and will leverage any personal data obtained through interactions with them to exploit those needs.
When you’re knowledgeable, you’re protected.
Have a discussion with your team about any suspicious activity or what can be done to ensure everyone is equipped to keep you and your clients safe in 2023. 🙏