This is a guest post by David Lukić, an information privacy, security, and compliance consultant at IDstrong.com.


Phishing is the most common cyberattack today.

It is a process by which cybercriminals obtain sensitive information from unsuspecting victims by sending fabricated, fraudulent messages designed to make them feel like they are divulging such information to a credible entity. It is also used to deploy malicious software that can monitor the sites the victim visits and the sensitive information the victim enters.

This information can be used to carry out an endless stream of scams. Phishing has become a problem that marketers must take seriously. Customers who have had a direct phishing experience or have heard stories are likely to be more suspicious of any message sent to them. Hence, marketers must make sure that their emails and other messages stand out as credible among possible scam messages.

The Need to Be Concerned

At least 75% of organizations in different countries worldwide experienced a minimum of one phishing attack in 2020. 74% of those aimed at US businesses were successful. Phishing is the most prevalent financial fraud in the United States, according to research by the FBI’s Internet Crime Complaint Center (IC3).

Between the second and third quarters of 2020, there was a 15% increase in business email compromise (BEC) attempts. The number of phishing sites is on the rise, and their ability to interfere with company-customer communications can lead to data breaches and enormous losses for organizations. Attackers put effort into composing emails that closely resemble what would be expected from a credible source.

They even include attachments that carry malicious software. Microsoft is the target of the largest number of impersonation attempts globally. If such a well-established organization can be impersonated, it should not be all that difficult to do the same for smaller brands.

Qualities of Phishing Emails

Phishing emails are composed to look believable. However, paying attention to specific details in the emails will expose them as fake. Some things to look out for in a phishing email include:

  • Grammatical and spelling errors, which are not expected of a brand that takes its identity seriously.
  • Look out for the catch where they directly ask for money as they always do.
  • Unrealistic demands and threats are standard features of phishing emails. They might make statements about a need for speed to prevent the closing of your account in an unrealistically short period.
  • Check for URL mismatch by hovering your cursor over the link in the email.
  • Requests for sensitive information over email are an obvious red flag. Financial institutions know better than to do that.

Fear of Phishing? How to Prevent Your Emails from Looking Like Phishing

Marketers need to help their prospective and actual clients identify them amongst scam messages. Here are a few tips to consider.

  • Provide Context: Having established that phishing emails are essentially rushed and lack a strong foundation, you should be able to give context to your message. Do not be too brief or too long either. Be specific when referring to your customer and explain why they are receiving the message.
  • Provide options for validation: Your email should contain a link to your website and contact information for customers to call in for verification. You should have a functional customer care desk or chat service. The members of your customer care team should also be notified about what messages you are sending out. This will enable them to answer calls correctly.
  • Avoid using attachments: Unless necessary, avoid using attachments in mass emails, as this causes your email to be viewed as spam. Also, recipients that are informed know to view emails with attachments as potential sources of malware. A link to your website would always be preferred.
  • Avoid linking to external party websites and using the Blind Carbon Copy (BCC) line.
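The tips above can be turned into a check that runs before a campaign is sent. The following is an added example, not part of the original post: it flags BCC use, attachments, links that leave the sender's domain, and links whose visible text shows a different domain than the one they open. The domain `example.com`, the function names, and the finding labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample campaign message (not from the original post).
SAMPLE = ('Bcc: list@example.com\nContent-Type: text/html; charset="utf-8"\n\n'
          '<a href="https://example.com/invoices">www.example.com/invoices</a>\n'
          '<a href="https://tracker.example.org/c?id=1">example.com/offers</a>\n')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain (leading www. dropped), else None."""
    m = re.fullmatch(r"(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})"
                     r"(?::\d+)?(?:[/?#]\S*)?", value.strip(), re.I)
    return m.group(1).lower() if m else None

def lint_campaign(raw, own_domain):
    """Return findings for one outgoing message; own_domain is the sender's brand domain."""
    msg = message_from_string(raw)
    findings = ["bcc-used"] if msg["Bcc"] else []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.append(f"attachment:{part.get_filename()}")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in collector.links:
                target, shown = host_of(href), host_of(text)  # None for mailto:, plain text
                if target and target != own_domain and not target.endswith("." + own_domain):
                    findings.append(f"external-link:{target}")
                if target and shown and shown != target:
                    findings.append(f"text-href-mismatch:{text}")
    return findings
```

An empty list from `lint_campaign(SAMPLE, "example.com")` would mean none of these checks fired; the constructed sample is written to trip the BCC, external-link and mismatch checks.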

Take my advice, and don’t hang out a sign through your email campaign that screams – gone phishing.


David Lukić is an information privacy, security, and compliance consultant at IDstrong.com. His passion for making cybersecurity accessible and exciting has led David to share his knowledge.

