Click With Caution: Don’t Let Phishing Attacks Hook Your Business
5 Sneaky Signs of Email Scams and How to Sink the Threats
Some of the most costly and damaging cyber threats to businesses are also the most rampant and widespread. What’s more concerning is that many of these threats are hiding in plain sight, including the high-traffic communication channel that employees use every day—email.
Picture a typical Monday morning at the office. You open Gmail or Outlook to find many of the usual deliveries: A communication from your supervisor about a report due Friday; an invite to the team lunch on Tuesday; your weekly company newsletter; a notification from your project management app reminding you of the new week’s tasks. Nothing too out of the ordinary, right? But looking closer, the email from Sally Jones in Human Resources to respond immediately for the team lunch next Tuesday seems a little odd. Especially when you work on the accounting team.
This is just a snapshot into why phishing consistently tops the list of the most warned-about cyber threats for businesses year after year. Phishing is widespread and continues to grow more sophisticated. Unfortunately, phishing often works because unaware users—who might not see the signs—are prone to engage with a trusted service like email, wherein lie hidden threats disguised among all the legitimate messages.
What is phishing?
Phishing is a social engineering technique in which cybercriminals pose as trustworthy entities or individuals—a representative from your local bank or a popular online shopping site—to deceive targets and manipulate them into taking specific actions, often for financial gain or unauthorized access to sensitive information.
During Cybersecurity Awareness Month in October, Arvig is working to raise awareness about phishing and other cyber crime and equip businesses and employees with simple tools to prevent the loss of their sensitive personal information and essential business data. Use these practices to educate yourself about phishing and learn how to identify when you or your organization is being targeted.
Phishers try to hook their targets into revealing personal information, such as login credentials, credit card numbers or other sensitive data. They often employ methods such as a well-disguised email—complete with a company logo and official-sounding language—to reel victims into clicking on malicious links or downloading infected files that allow access to your device or expose sensitive data.
While this blog explores email-based phishing, this type of scam isn’t just contained to email. Phishing takes place on malicious websites, by text message and even over the phone.
According to a 2023 study from IT security company Barracuda Networks, the average cost of the most costly email attacks over the past year totaled more than $1.03 million. For larger organizations, the average cost of the most expensive attacks was $1.26 million.
“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals,” said Don MacLennan, Barracuda’s Senior Vice President of Engineering & Product Management, Email Protection, in a blog detailing the report findings. “We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures.”
Take action today: Scroll and patrol
It takes just one malicious email for the scam to hit its target. At stake could be an employee’s personal information, critical business data or even customer data.
As phishing attacks remain prevalent, email services are catching on, employing their own built-in tools to flag suspicious messages and warn users of scams. Still, savvy scammers are devising more advanced ways for their messages to slip through. Many are tricky to spot, especially if you don’t know what to look for.
Here are five common red flags for email phishing.
- Suspicious senders: We all get our share of harmless junk mail, but if you’re unfamiliar with a sender, it’s wise to be leery. Review the sender’s email address carefully. Phishers often use email addresses that mimic legitimate organizations but have subtle differences or misspelled domains. Sometimes, just a period or an extra letter can be the difference between a scam and a legitimate message: email@example.com versus firstname.lastname@example.org. See the difference?
- Direct requests for personal details: A legitimate organization would not directly request your personal information via email. If you’re being asked for your account information or other identifying details, be cautious.
- Urgent or alarming language: Phishing scammers often create a sense of urgency or use threatening language to prompt you to take immediate action, like clicking on a link or providing information. For example: “Click the link to install this vital update before your account is suspended.” If possible, confirm these requests by telephone or, better yet, in person. When in doubt, ask your supervisor before clicking on or replying to such emails.
- Misspellings and grammatical errors: Phishing emails are often carelessly composed. Watch for oddly worded sentences and writing errors. It could be a sign the message is coming from an illegitimate source.
- Unusual or unsolicited attachments: Unsolicited emails that contain attachments have a hacker’s fingerprints all over them. A genuine sender usually doesn’t send random attachments. These malicious files are often the source for viruses or other malware.
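The first red flag above, a sender domain that differs from a legitimate one by just a period or an extra letter, can be checked mechanically. The sketch below is an added example, not part of the original article; the domain names, the allow-list and the distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list; a real deployment would load the organization's own domains.
TRUSTED_DOMAINS = {"northwind-bank.example", "payroll.example"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike of <domain>', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match or a true subdomain of a trusted domain.
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Near miss: an extra letter, a dropped hyphen, a stray period.
    # Very short trusted domains would need a smaller threshold.
    for t in sorted(trusted):
        if edit_distance(domain, t) <= max_distance:
            return "lookalike of " + t
    return "unknown"

if __name__ == "__main__":
    for header in ("Sally Jones <sally.jones@northwind-bank.example>",
                   "Sally Jones <sally.jones@northwind-bannk.example>",
                   "HR <hr@north.wind-bank.example>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result is a reason to quarantine or banner the message for review, while "unknown" only means the domain is not on the allow-list.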
The bottom line
Technology such as antivirus software and multifactor authentication (where two or more types of authentication are used to verify accounts) can be effective against phishing attacks. It’s important to be vigilant. Know and recognize the signs of phishing so you can help your organization detect and avoid these threats.