The phishing scam:
Your company’s CFO is speaking at a conference and you get an email from the CEO saying a new vendor needs to be paid immediately. However, the CEO can’t reach the CFO because she is on a plane so he needs your helps sending the money to the vendor ASAP. You open the email and send the money only to find out it wasn’t actually the CEO that contacted you, but instead a scammer.
Situations and phishing emails like this show how advanced scammers are getting nowadays. They research you and your company through LinkedIn and different websites. Then they contact you with an emergency request.
Phishing scams don’t just get money and information from your business, you also need to watch out for them in your personal email. Recently, a Netflix phishing scam has made headlines. An email that appears to come from Netflix says your account has been suspended due to a problem with your billing information. It offers a link which takes you to what looks like a Netflix landing page. However, it isn’t and you end up giving personal information and a payment method to a scammer.
How to avoid being scammed:
Hybridge receives daily inquiries from our clients asking if certain emails are fake. Our usual response is, “Never click on or believe anything in an email ever” and “If it looks suspicious, it is most likely a scam.” However, there are some key aspects to look out for that guarantee that email you’re questioning is a phishing scam.
- Display name and email address - The display name is one of the easiest ways to tell if an email is real or not. Scammers try using the names of your colleagues or vendors you use to trick you. Many of our clients see these emails come with familiar names so it appears to be fine. However, if you look closer, you will notice that although the Display Name is recognizable, the email address connected to the display name is not. Many times it will be a random email address with a domain name that doesn’t fit. For example, if you received an email from your bank, the email address should come from your bank's actual domain (@svb.com), not a random domain.
- Odd links and attachments - Never click on the link or open an attachment! This is the easiest way for a scammer to get information from you or infect your computer and files. There is a way to check if the link is legitimate. Hover your mouse over the link and see if the URL that appears matches. You can also try searching for the company, domain name, or URL in a separate tab on your browser. However, best practice is to just not click on anything.
- Unusual requests - Watch out for any emails that asks you to perform something unusual such as resetting a password, sending personal information, or sending payment. Banks and legitimate companies will provide instructions on how to contact customer support or login to your account without clicking an odd link.
- Threats and “immediate action” - If you receive an email threatening that your account will be closed, your mailbox is full, or you need to send payment or take “immediate action”, it is most likely a phishing scam. To double check on emails like this, follow up with the company or contact separately. For example, with the Netflix situation, login to your account (through a separate window by going to netflix.com) and see if you have an outstanding bill. You can also try calling customer support through the main line listed on their site.
If you are a Hybridge client and have accidentally clicked on a link or corrupted attachment, call us immediately and we can run antivirus checks for you. We are also more than happy to look into a suspicious email and provide our professional opinion.
If you have any questions about spam emails and what to look out for, contact us at info @ hybridge.com or 888-353-1763.