This real incident happened in 2016: ‘Three employees at the University of Kansas failed to receive their recent paychecks; only later did they realize they had been deceived by the fraudsters.’
One day, employees at the University of Kansas received an e-mail asking them to update their payroll information. The scammers then used the submitted information to change the account numbers for direct deposits in the university’s payroll system. Five employees responded to the phishing e-mail, and three of them had their pay affected.
Did you or your organization suffer a cyber-attack recently? If so, there is a chance that it was caused by a user who opened an email and clicked on something they shouldn’t have! According to a report by Verizon, phishing is the top delivery vehicle for ransomware and other malware. That is because attackers are good at crafting convincing messages that persuade users to click on a link.
Hundreds of phishing emails land in your inbox year-round, but how do you spot one? Here are a few tips to identify a ‘fishy’ email and escape the attack.
1. Mismatched URL
Hover your mouse over the link in the email and check whether the address that appears matches the address shown in the hyperlinked text. If the two differ, the message is undoubtedly a fraudulent email.
2. Check the last part of the domain name
The last part of a domain name tells the whole story. For example, www.about.domainname.com is a sub-domain of domainname.com, but if the URL reads www.domainname.malliciousdomain.com, you definitely need to stay alert: that host belongs to malliciousdomain.com, not to domainname.com. Always read the domain name from the right-hand side to be sure that you are clicking on the right domain.
3. Check if the message has poor grammar or spelling
A reputable company checks spelling and grammar before any email is sent on its behalf. So, if you find an email filled with grammar or spelling errors, it is most probably a phishing email.
4. The message seeks personal information
Never share your personal information with anyone. For example, if an email sent in your bank’s name requests your account number, ask yourself why your bank would ask for a number it already knows. A reputable company never asks for your passwords, your bank details or the answers to your security questions.
5. Don’t fall for big promises
A phishing email might say that you have won a huge amount of money in a lucky draw or a lottery. Think twice: have you ever bought a lottery ticket? You might also receive a message saying that you have won a contest that you never entered. I bet these are scam messages that all of us have received. Never fall prey to them!
6. Anything that looks unreal
If you receive an email that is totally irrelevant to you, don’t worry, just ignore it! Attaching malicious files that contain viruses and malware is the most common phishing tactic, so don’t ever believe what you see!
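Tips 1 and 2 can also be checked mechanically when a suspicious message is reported. The Python script below is an added example, not part of the original article: it compares each link's visible text with its real target and reads the target host from the right against the domain you expect. The function names and the sample HTML body are constructed for illustration, reusing the placeholder host names from tip 2.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname of a URL; also accepts bare 'www.site.tld/path' text."""
    url = url.strip()
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")

def belongs_to(host, expected):
    """Tip 2: read from the right; the host must be the expected domain or end in it."""
    return host == expected.lower() or host.endswith("." + expected.lower())

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, expected):
    """Return [(href, [findings])] for links that fail tip 1 or tip 2."""
    parser, report = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        target, findings = host_of(href), []
        # Tip 1: the visible text looks like a URL but names a different host.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(f"text shows {shown}, link goes to {target}")
        if not belongs_to(target, expected):
            findings.append(f"{target} is not under {expected}")
        if findings:
            report.append((href, findings))
    return report

# Constructed sample body; the host names are the placeholders from tip 2.
SAMPLE = ('<a href="http://www.domainname.malliciousdomain.com/payroll">'
          'www.domainname.com/payroll</a> '
          '<a href="https://www.about.domainname.com/help">Help centre</a>')
print(audit_links(SAMPLE, "domainname.com"))  # only the first link is reported
```

The suffix test requires a leading dot, so a look-alike such as notdomainname.com does not pass as domainname.com.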
It is always better to stay safe now than feel sorry later!