Phishing attacks are becoming increasingly common. They are simple, yet incredibly easy to fall victim to. So how can you reduce the risk of being scammed? By knowing exactly what to look for.
Think you’d be pretty good at spotting a scam? You may well be. But phishing scams can fool the best of us. These scams are designed to make us think we’re interacting with a trusted supplier or provider. And the criminals behind them can be very, very convincing.
What typically happens during a phishing attack is that you’ll receive an email, text message, or phone call from a criminal pretending to be a legitimate business. Perhaps that’ll be your business’s internet provider or bank. They may ask you to confirm personal details, or enter your password or PIN into a replica website intended to look like the real thing. And as soon as you do, they’ve got your data.
In the space of just nine months, the Australian Competition and Consumer Commission received over 50,000 phishing reports. And that figure is growing. So – do you know how to avoid a scam?
Spotting a scam
The fact is that no business can ‘avoid’ a phishing scam. Attempts are happening all the time, and unfortunately, there’s really not much any of us can do about it. What we can do, however, is avoid falling prey to an attempt. And the best way to do that is to know what a phishing attempt looks like.
Although phishing communications can look very legitimate, there are often some little telltale signs that give them away. Here are a few things to keep your eyes out for when checking your emails…
Typos & grammatical errors
Many phishing communications are filled with misspelt words and poor grammar. Sometimes, this is due to sloppiness or language issues. Other times, it’s intentional. There’s a theory that criminals make these mistakes to filter out the ‘smarter’ recipients who are less likely to fall for their tricks.
Tone & content
You’ve probably been receiving communications from the legitimate business for some time. How do they speak to their customers? What information do they ask for? If something seems off – if you’re being asked for different types of information or the communication seems different – it probably is.
What address has the email been sent from? Most businesses will use their own dedicated business domain. For example, we use perigonone.com.au. Criminals will often use public email domains, like yahoo.com or gmail.com. Not even Google itself uses Gmail for communications; it uses google.com.
Phishing attacks will try to send you to malicious, data-capturing websites masquerading as legitimate businesses. If you hover over the link, you’ll be able to see where that link is going to take you. Look out for typos in the URL that suggest you’re not going to end up where you think you are.
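The sender-address and link checks described in the two paragraphs above can also be automated for a mailbox. The following is an added Python example, not part of the original article; the `.example` domain names, the short list of public mail providers and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed short list of public mail providers; extend it for real use.
PUBLIC_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
SIMILARITY = 0.85  # assumed threshold for "almost the same spelling"

def host_matches(host, trusted):
    """True if host is the trusted domain or one of its subdomains."""
    return host == trusted or host.endswith("." + trusted)

def looks_like(host, trusted):
    """True for near-miss spellings of the trusted domain (typos in the URL)."""
    bare = re.sub(r"^www\.", "", host)
    return difflib.SequenceMatcher(None, bare, trusted).ratio() >= SIMILARITY

def check_email(raw, trusted):
    """Return a list of warnings for one raw single-part email message."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if sender_domain in PUBLIC_MAIL:
        findings.append(f"sender uses public mail domain: {sender_domain}")
    elif not host_matches(sender_domain, trusted):
        findings.append(f"sender domain is not {trusted}: {sender_domain}")
    # The href is the real destination, i.e. what hovering over the link shows.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host_matches(host, trusted):
            continue
        kind = "lookalike" if looks_like(host, trusted) else "unrelated"
        findings.append(f"link goes to {kind} host: {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "MyBank Billing" <billing.mybank@gmail.com>
Subject: Please confirm your details
Content-Type: text/html

<p>Account on hold. <a href="https://www.mybnak.example/login">Confirm</a></p>
<p><a href="https://www.mybank.example/help">Help centre</a></p>
"""

if __name__ == "__main__":
    for warning in check_email(SAMPLE, "mybank.example"):
        print(warning)
```

A message that passes these checks is not proven safe; the checks only catch the two giveaways described above.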
How to avoid becoming a victim
If you think you’ve received a phishing email, don’t panic. Most of us will get these types of communications at some point. Whether you’re staring at a suspicious email right now – or you don’t want to get caught out in the future – here are some top tips for keeping your business safe.
- Don’t click directly on any links, even if the email looks legitimate. Instead, type the business URL into your browser and navigate to the link destination using the menu. If it’s there, you’ll find it.
- Copy the text of a suspicious email and paste it into Google search. Sometimes, others who have been targeted will share their own experiences, hoping to prevent others from falling victim.
- If you receive a phone call, never share personal information. Instead, call the company back using their main phone number. If they need to speak to you, they’ll put you through to the right person.
Most important of all is staff training and awareness. When your staff know what to look out for, and how to keep themselves safe when operating online, the risk of an attack can be reduced.