{"id":7091,"date":"2019-03-01T13:01:46","date_gmt":"2019-03-01T18:01:46","guid":{"rendered":"https:\/\/tcn.tidbits.com\/?p=7007"},"modified":"2019-03-02T12:29:13","modified_gmt":"2019-03-02T17:29:13","slug":"top-5-ways-to-identify-scam-email-messages","status":"publish","type":"post","link":"https:\/\/www.macworks.com\/blog\/top-5-ways-to-identify-scam-email-messages\/","title":{"rendered":"Top 5 Ways To Identify Scam Email Messages"},"content":{"rendered":"<p>A significant danger to businesses today is <i>phishing<\/i>\u2014the act of forging email to fool someone into revealing login credentials, credit card numbers, or other sensitive information. Of course, scam email phishing is a problem for individuals too, but attackers more frequently target businesses for the same reason as bank robber Willie Sutton\u2019s apocryphal quote about why he robbed banks: \u201cBecause that\u2019s where the money is.\u201d<\/p>\n<p>The other reason that businesses are hit more often is that they have multiple points of entry\u2014an attacker doesn\u2019t need to go after a technically savvy CEO when they can get in by fooling a low-level employee in accounting. So company-wide training in identifying phishing attempts is absolutely essential.<\/p>\n<p>Here are some tips you can share about how to identify fraudulent scam email phishing messages. If you\u2019d like us to put together a comprehensive training plan for your company\u2019s employees, get in touch.<\/p>\n<h3>Beware of email asking you to reveal information, click a link, or sign a document<\/h3>\n<p>The number one thing to watch out for is any email that asks you to do something that could reveal personal information, expose your login credentials, get you to sign a document online, or open an attachment that could install malware. Anytime you receive such a message out of the blue, get suspicious.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7009\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages.png\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages.png 1024w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/attachment-phishing-300x118.png 300w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/attachment-phishing-768x302.png 768w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/attachment-phishing-1080x425.png 1080w\" alt=\"\" width=\"850\" height=\"335\"><\/p>\n<p>If you think the message might be legitimate, confirm the request \u201cout of band,\u201d which means using another form of communication. For instance, if an email message asks you to log in to your bank account \u201cfor verification,\u201d call the bank using a phone number you get from its Web site, not one that\u2019s in the email message, and ask to speak to an account manager or someone in security.<\/p>\n<h3>Beware of email from a sender you\u2019ve never heard of before<\/h3>\n<p>This is the email equivalent of \u201cstranger danger.\u201d If you don\u2019t know the sender of an email that\u2019s asking you do something out of the ordinary, treat it with suspicion (and don\u2019t do whatever it\u2019s asking!). Of course, that doesn\u2019t mean you should be entirely paranoid\u2014business involves contact with unknown people who might become customers or partners, after all\u2014but people who are new to you shouldn\u2019t be asking for anything unusual.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7014\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-1.png\" sizes=\"auto, (max-width: 851px) 100vw, 851px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-1.png 1024w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/unknown-sender-phishing-300x88.png 300w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/unknown-sender-phishing-768x224.png 768w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/unknown-sender-phishing-1080x315.png 1080w\" alt=\"\" width=\"851\" height=\"248\"><\/p>\n<h3>Beware of email from large companies for whom you\u2019re an anonymous customer<\/h3>\n<p>Attackers often forge email so it appears to come from a big company like Apple, Google, or PayPal. These companies are fully aware of the problem, and they never send email asking you to log in to your account, update your credit card information, or the like. (If a company did need you to do something along these lines, it would provide manual instructions so you could be sure you weren\u2019t working on a forged Web site designed to steal your password.)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7008\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-2.png\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-2.png 1024w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/Apple-phishing-300x161.png 300w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/Apple-phishing-768x412.png 768w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/Apple-phishing-1080x579.png 1080w\" alt=\"\" width=\"850\" height=\"456\"><\/p>\n<p>Since sample email from large companies is easy to come by, these phishing attacks can look a lot like legitimate email. Aside from the unusual call to action, though, they often aren\u2019t quite right. If something seems off in an email from a big company, it probably is.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7010\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-3.png\" sizes=\"auto, (max-width: 851px) 100vw, 851px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-3.png 1024w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/PayPal-phishing-300x254.png 300w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/PayPal-phishing-768x651.png 768w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/PayPal-phishing-1080x915.png 1080w\" alt=\"\" width=\"851\" height=\"721\"><\/p>\n<h3>Beware of email from a trusted source that asks for sensitive information<\/h3>\n<p>The most dangerous form of this sort of attack is <i>spear phishing,<\/i> where an attacker targets you personally. A spear phishing attack involves email forged to look like it\u2019s from a trusted source\u2014your boss, a co-worker, your bank, or a big customer. (The attacker might even have taken over the sender\u2019s account.) The email then requests that you do something that reveals sensitive information or worse. In one famous spear-phishing incident, employees of networking firm Ubiquiti Networks were <a href=\"https:\/\/krebsonsecurity.com\/2015\/08\/tech-firm-ubiquiti-suffers-46m-cyberheist\/\" rel=\"noopener\">fooled into wiring $46.7 million<\/a> to accounts controlled by the attackers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7012\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-4.png\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-4.png 1024w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/spear-phishing-300x62.png 300w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/spear-phishing-768x159.png 768w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/spear-phishing-1080x223.png 1080w\" alt=\"\" width=\"850\" height=\"175\"><\/p>\n<h3>Beware of email that has numerous spelling and grammar mistakes<\/h3>\n<p>Many phishing attacks come from overseas, and attackers from other countries seldom write English correctly. So no matter who a message purports to come from, or what it\u2019s asking you to do, if its spelling, grammar, and capitalization are atrocious, it\u2019s probably fraudulent. (This is yet another reason why it\u2019s important to write carefully when sending important email\u2014if you\u2019re sloppy, the recipient might think the message is fake.)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7013\" src=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-5.png\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" srcset=\"https:\/\/macworks.com\/blog\/wp-content\/uploads\/2019\/03\/gone-phishing-five-signs-that-identify-scam-email-messages-5.png 1024w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/spelling-phishing-300x148.png 300w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/spelling-phishing-768x380.png 768w, https:\/\/tcn.tidbits.com\/wp-content\/uploads\/2019\/03\/spelling-phishing-1080x534.png 1080w\" alt=\"\" width=\"850\" height=\"420\"><\/p>\n<p>One of the best ways to train employees about the dangers of phishing is with security awareness testing, which involves sending your own phishing messages to employees and seeing who, if anyone, falls for it. Again, if you need help doing this, let us know.<\/p>\n<p>Want to read more? We suggest our other recent article: &nbsp;<a href=\"https:\/\/macworks.com\/blog\/dont-panic-if-you-get-blackmail-spam-containing-a-familiar-password\/\" rel=\"noopener\">Don\u2019t Panic If You Get Blackmail Spam Containing A Familiar Password<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A significant danger to businesses today is phishing\u2014the act of forging email to fool someone into revealing login credentials, credit card numbers, or other sensitive information. Of course, scam email phishing is a problem for individuals too, but attackers more frequently target businesses for the same reason as bank robber Willie Sutton\u2019s apocryphal quote about [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7092,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[184,69,108,112,185,109,815,104],"tags":[786,862,787],"class_list":["post-7091","post","type-post","status-publish","format-standard","has-post-thumbnail","category-apple-consultants","category-apple-consulting-ct","category-mac-support","category-mac-support-ct","category-mactech","category-malware","category-managed-services","category-security","tag-malware","tag-phishing","tag-scams"],"_links":{"self":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/7091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/comments?post=7091"}],"version-history":[{"count":2,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/7091\/revisions"}],"predecessor-version":[{"id":7095,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/posts\/7091\/revisions\/7095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media\/7092"}],"wp:attachment":[{"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/media?parent=7091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/categories?post=7091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.macworks.com\/blog\/wp-json\/wp\/v2\/tags?post=7091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}