Phishing has become a generic term for fraudulent emails intended to steal information and/or funds from the recipient. Phishing can lead to theft of money, property, and identity, and to damage to credit and reputation. These emails generally take one of the following two forms:
According to the security firm Marshal, PayPal currently leads all other brands as a target for phishing. As for geography, the leading source of phishing is Europe, with the top offending country being South Korea. While anyone with an email account is a potential victim, a few simple steps on the part of the email user can provide almost 100% protection against becoming the victim of a phishing scheme.
While some fraudulent emails are easy to detect, others are very sophisticated and detailed in their deception. For instance, the sender can look legitimate, the subject line can be credible, and the links and logos within the email can all match those of the brand being imitated. Because of the latter case, every email from a known brand requesting information should be treated with suspicion. Never click a link within the email, but rather use a search engine to find the organization's Web site. Better yet, type the URL directly into the browser's address bar. On the same note, never reply to the email, but rather use the contact page on the organization's Web site to email or phone a response.
One standard approach for fraudulent emails is a simple request to verify account information or identity. The message is brief, matter of fact, and chances are that the recipient has done business with the brand being represented. Requests for account or personal verification should sound the alarms that the recipient is being phished.
Phishing schemes are always urgent in tone and action. The purported results of ignoring the email are along the lines of access to funds being frozen, accounts being closed, and large sums of money being lost. If the email is demanding that the recipient immediately log in to an account and provide information, it should be deleted. If there is still uncertainty, the recipient should find the organization's Web site using a browser.
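The warning signs described above (a request to verify account or identity details, an urgent tone, threatened consequences, and a demand to log in) can be turned into a simple mail triage check. The following Python sketch is an added example, not part of the original article; the phrase lists, sample messages, and function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Phrase lists are illustrative assumptions, not a vetted ruleset.
INDICATORS = {
    "verification_request": re.compile(
        r"\b(verify|confirm|validate|update)\b.{0,40}\b(account|identity|information|details)\b", re.I | re.S),
    "urgency": re.compile(r"\b(immediately|urgent(ly)?|right away|within \d+ hours?)\b", re.I),
    "threatened_loss": re.compile(r"\b(frozen|suspended|closed|locked|terminated)\b", re.I),
    "login_demand": re.compile(r"\b(log ?in|sign ?in)\b", re.I),
}
LINK = re.compile(r"https?://[^\s<>]+", re.I)

# Constructed sample messages (example.com / example.org are reserved names).
SAMPLE_PHISH = """From: "Example Bank" <service@example.com>
To: user@example.org
Subject: Urgent: verify your account information

Your account will be frozen unless you log in immediately and confirm your details:
http://example.com/login
"""
SAMPLE_BENIGN = """From: newsletter@example.org
Subject: March newsletter

Our spring schedule is now posted on the usual page.
"""

def triage(raw_email):
    """Return (indicator names matched, links found) for one raw message."""
    msg = message_from_string(raw_email, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return hits, LINK.findall(text)

def verdict(hits):
    """Suspicious when a request for verification or login is paired with pressure."""
    asks = {"verification_request", "login_demand"} & set(hits)
    pressure = {"urgency", "threatened_loss"} & set(hits)
    return "suspicious" if asks and pressure else "no indicators matched"

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        hits, links = triage(raw)
        print(name, verdict(hits), hits, links)
```

A "no indicators matched" result only means these particular phrases were absent; the advice to reach the organization's Web site independently still applies.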
Unlikely though it may seem, email messages being used for phishing often have grammar and spelling errors. Conventional wisdom suggests that criminals intent on deceiving email users would craft careful scripts, though this is not the case. Many fraudulent emails contain misspellings of very common words, and sentences that reflect a lack of understanding of the English language. Any organization that values its brand would obviously not permit this type of communication.
Being a victim of phishing can have painful and lasting consequences. Fortunately, this type of crime can be easily prevented with a few simple steps. One can also hope for many discouraged criminals.