What are Email Phishing Scams?
Email phishing scams, more commonly known as just “phishing”, are a cybercrime in which potential targets are contacted by email, phone or text by someone pretending to be a legitimate entity in order to lure victims into providing sensitive data like personal info, banking details and passwords.
The information is then used to access important accounts and can result in identity theft and financial losses.
Email Phishing Scams: Signs to Look for
- Special offers and attention-grabbing statements are designed to catch people’s eye immediately. Many claim that you have won a new phone, a lottery, or some other crazy prize. DON’T click on any suspicious emails. Remember that if it seems too good to be true... it is indeed too good to be true.
- Cybercriminals love to ask you to act fast, claiming that these too-good-to-be-true deals are only available for a limited time or that you only have a few critical minutes to respond before the deal expires. When you come across these kinds of emails, the best thing you can do is ignore them. These frauds will tell you that your account will be suspended unless you update your personal details immediately. Most reliable organizations give you plenty of time before they terminate an account and they never ask patrons to update personal details via email. If something seems “phishy”, visit the source directly instead of clicking the link in the email.
- A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different, or it could be a popular website with a misspelling, such as “www.bankofarnerica.com”. One wrong keystroke could send you to a “typosquatter’s” look-alike site that can install malware, steal sensitive personal and financial information, or even lock up your computer. An example of this is espn.cm.
- If you see an attachment in an email you weren’t expecting or that doesn’t make sense, don’t open it! They often contain things like ransomware or other viruses. The only file type that is always safe to click on is a .txt file.
So How Can Gmail Help Prevent Me from Falling Victim to Email Phishing Scams?
We are so glad you asked!
Google officials have said that at least 50 percent of the messages the Gmail system receives are spam, and its new phishing defenses will automatically delay a small percentage of messages that are suspected of being phishing.
“Our detection models integrate with Google Safe Browsing machine learning technologies for finding and flagging phishy and suspicious URLs. These new models combine a variety of techniques such as reputation and similarity analysis on URLs, allowing us to generate new URL click-time warnings for phishing and malware links,” Andy Wen, senior product manager, counter abuse technology, said.
Google has also added a feature to Gmail that will warn corporate users when they’re replying to someone outside of their domain. The idea is to prevent users from inadvertently sending sensitive information to people who shouldn’t be receiving it. Gmail now also includes better protections against malware arriving in email messages.
“With new built-in defenses against ransomware and polymorphic malware, Gmail now blocks millions of additional emails that can harm users. We classify new threats by combining thousands of spam, malware and ransomware signals with attachment heuristics (emails that could be threats based on signals) and sender signatures (already marked malware),” Wen said.
The one mistake companies make that leaves them vulnerable to phishing attacks is:
Not having the right tools in place and failing to train employees on their role in information security. Employees possess credentials and overall knowledge that is critical to the success of a breach of the company’s security. A phisher’s success relies heavily upon establishing trust with their targets.
Here are a few steps a company can take to protect itself against phishing:
- Educate your employees! Especially about sensitive information. Conduct training sessions with mock phishing scenarios.
- Deploy a spam filter that detects viruses and blank senders.
- Keep all systems current with the latest security patches and updates.
- Install antivirus software and monitor the antivirus status on all equipment.
- Develop a security policy that includes password expiration and complexity. Remember, DO NOT share password information through email!
- Deploy a web filter to block malicious websites.
- Encrypt all sensitive company information.
Informed employees and properly secured systems are key when protecting your company from phishing attacks. Put this into practice!
For more tips on Phishing from Google, visit the support link below.