This phishing email scam pretends to be from a trusted source and asks the recipient either to open a secure document or to change their password. The document, though, prompts you to log in at a fake Office 365 login page (sometimes Google or Yahoo as well), which is used to steal your credentials. It looks just like the legitimate page, except for the URL. It even says the webpage is a secured site!
Example: Mike from your HR department sends you an email asking for your bank information for direct deposit because your employer is changing its HR software. There is urgency because payday is 5 days away. You create a new account and enter your checking account and routing information for direct deposit.
It turns out that the email was a complete phish, and now the bad guys have your bank information and can steal your money. How could you have prevented this? The email was from Mike at work!
A few ways you can avoid this scam:
- Check the URL, the full site link at the top of your browser (see below), to see if it matches the company/website that you’re trying to sign in to. (It might even look correct but be spelled slightly differently.)
- Look at the time at which the email was sent. Was this during an “odd” time when staff would not usually send an email? Would Mike really send an HR email at 2:00 am on a Tuesday?
- If you haven’t requested a password change, don’t click anything in the email, just delete the email.
- Look closely at the attachment title or link addresses before opening or clicking anything. Are any of the words in a company’s name spelled incorrectly? If the web address does not contain the correct name, or contains misspelled items, it is most likely a phish!
- If you ever need to change a password, go to the site yourself rather than through a link sent in an email (unless you requested a password reset that YOU know about).
- If you are unsure, give us a call!
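The URL check from the list above can also be automated, for example in a mail filter or a help-desk script. The Python below is an added example, not part of the original article; the TRUSTED_HOSTS allowlist and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organisation really uses (constructed list).
TRUSTED_HOSTS = {
    "login.microsoftonline.com",
    "accounts.google.com",
    "login.yahoo.com",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_login_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unverified' for a sign-in link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Only an exact host match over HTTPS counts as trusted. HTTPS alone
    # proves nothing: a fake page can show the padlock too.
    if parts.scheme == "https" and host in TRUSTED_HOSTS:
        return "trusted"
    # A host that is one or two characters away from a trusted one is the
    # "spelled slightly differently" case and deserves a loud warning.
    for good in TRUSTED_HOSTS:
        if 0 < edit_distance(host, good) <= 2:
            return "lookalike"
    return "unverified"


if __name__ == "__main__":
    # Constructed sample links, not taken from a real campaign.
    for link in ("https://login.microsoftonline.com/common/oauth2",
                 "https://login.micros0ftonline.com/common/oauth2",
                 "https://example.org/reset-password"):
        print(f"{check_login_url(link):<10} {link}")
```

An "unverified" result only means the host is not on the allowlist; such links still need the manual checks in the list above.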
Have a conversation
It is ALWAYS best to follow up on correspondence that you suspect may be a phishing email. As in the example above, if you are really unsure whether it is your employer or not, have the conversation in person when you arrive at the office the next morning. Ask the appropriate person to confirm that it was indeed she/he who sent you the email.
Also, be sure your employees know these red flags of a phishing/spoof email! It is so easy to overlook the details of an email…ESPECIALLY in this day and age, when we are sometimes moving faster than we can even comprehend.
ALWAYS MOVE SLOWLY – We are used to moving so fast that we click the wrong thing or respond to phishing emails without realizing it. Take a second, read through and look for the red flags.
Unsure if your IT provider is monitoring your business’s network 24/7? Schedule a free appointment with us. We are glad to have a conversation about the health of your network and more importantly, how we can take the stress of technology/computer issues away from you.
Here are a few examples of this scam (although some come in a format that looks like it’s from a trusted source):