As technology advances, so do the scammers. They are becoming more professional in pursuit of obtaining access to user accounts and getting control of victims' devices to perform malicious intents.
Recent client reports claim phishing emails have been received from a cyberattacker pretending to be a professional photographer or illustrator by the name "Mel" or "Mellie," "Melvin," "Melinda," "Melissa" or any other variations including the last name, aggressively claiming you have copyrighted images on your website. Some reported personas such as Loretta, Simone, and Christy. The sender writes and threatens to file a complaint with your hosting company and sue you. This classic phishing scheme has the intent to elicit an emotional response from users and trick them into clicking a link.
The malicious email may arrive directly via your inbox or website contact form with content accusing you of copyright infringement and asks you to click the attached link to see the list of the copyright images in question. However legit the email may seem to be, it is not, and whatever you do, do not click the link. Once the victim recipient clicks the link, you will be redirected to a file download containing malware. This will allow the scammer to seize control of your device.
What is the End Goal of Phishing Scams?
The immediate goal of these cyber scammers is to scare you and get you to click an attached link or file download with a sense of urgency. The end goal though is not just to be able to gain control and access to the device (if your system is not protected by sufficient security software to block it) but to exploit information that leads to compromised accounts or systems. Successful hacks also allow cybercriminals to demand a ransom.
How to Spot a Phishing Email
1. Poor spelling and grammar.
Look for wrong spelling and awkward grammar. These are red flags. Legit organizations, executives, and professionals know how to spell. Smart hackers prey on the uneducated or less observant victims. Hence, easier targets.
2. The URL link is different than when you hover over it.
Just because a link shows "click here" to send you to one place, doesn't mean it's going to. NEVER click it. Scammers will try to hide the true URL to which the link leads. To know the true URL, hover your mouse cursor over the embedded link (remember NEVER to click it) to double-check. If it is not identical to the URL link displayed, this is a sure indication of a phishing email. In addition, secured links begin with https://.
3. Look for Unsolicited Attachments.
Legit institutions or companies do not send unsolicited attachments. Instead, they send emails and instruct you to download files or documents directly from their website. Although, in some cases, they may send information via email that requires a document download. Nonetheless, it is strongly recommended to be suspicious of high-risk attachment file types, such as ".zip" and ".exe."
4. The email is threatening or intimidating.
Malicious emails often threaten legal action and elicit an emotional response from target users for copyright infringement or a violation of an agreement. Don't let scammers intimidate you. Always be suspicious of phishing scams and other cyber threats before responding.
5. The email is sent from the public domain.
No legit company or organization will send emails from a public domain such as gmail.com or yahoo.com. Others would alter email addresses by spoofing a legit organization's name and styling the content professionally to make it look nearly flawless. As much as cyber criminals' attempts to replicate genuine emails from real companies, this, however, is not a foolproof method. Hover to the sender's email address in the 'from' section and check for any alterations.
Since phishing scams are a global threat to businesses and individuals of all types, it is important and critical to keep an eye out for malicious emails and NEVER click suspicious links or attachments from someone they do not know. Performing regular security checks on your devices and/or network can help you avoid falling victim to phishing scams and malware.
Here is a great tip for organizations that want all employees and clients to be secure in all their digital activities. Set multiple levels of security measures to help counter any possible scams. Malware awareness and defense training for employees is essential, especially in the digital workplace.
Contact The Savvy Inspector for all your online marketing needs.