Essential Tips for Avoiding Email Scams

Unfortunately, not every message that lands in your inbox has your best interests at heart. Malicious actors are casting wider and more sophisticated nets than ever before, hoping to reel in an unsuspecting employee and gain access to your business' valuable data and finances. Fear not, with a little knowledge and a healthy dose of skepticism, you can learn to spot these email scams and keep your organization safe.

Here at MicroLogix Network Services, we believe that proactive business technology support is the best defense against these ever-evolving threats. That's why we're sharing our top four ways to detect and successfully avoid email scams.

Scrutinize the Sender

Before you even think about clicking a link or downloading an attachment, take a close look at who the email is from. Scammers are masters of disguise, often using spoofed email addresses that look remarkably similar to legitimate ones. They might swap a letter for a number (like O and 0) or add a subtle misspelling to a familiar domain name.

Useful Tip

Hover your mouse over the sender's name to reveal the actual email address it's coming from. If it looks suspicious or doesn't match the purported sender, it's a major red flag. Also, be wary of generic greetings like "Dear Valued Customer." Legitimate companies will almost always address you by name.

Don't Let Fear Dictate Your Clicks

A common tactic among cybercriminals is to create a sense of urgency or panic. Emails threatening to close your account, claiming you've been a victim of fraud, or demanding immediate payment for a past-due invoice are all designed to make you act impulsively. When you're rushed, you're less likely to scrutinize the details.

Useful Tip

If an email is pressuring you to act immediately, take a second to realize what you’re looking at. Independently verify the claim by contacting the supposed sender through a known and trusted channel. For instance, if you receive an urgent email from your bank, don't click the link in the email. Instead, open a new browser window and navigate to your bank's website directly or call the customer service number on the back of your card.

A Click Away from Disaster

That seemingly innocent link or attachment could be the gateway for malware, ransomware, or a phishing site designed to steal your credentials. Scammers often disguise malicious links with hyperlink text that appears legitimate.

Useful Tip

Before clicking any link, hover your mouse over it to preview the actual URL. If it's a long, convoluted address or directs you to a completely different website than what the text suggests, don't click it. Be equally cautious with attachments. Unless you are expecting a file from a specific sender, it's best to confirm its legitimacy through a separate communication channel before opening it.

To check a link, you need to hover your mouse over the clickable part in the email, and look at the bottom of the screen, typically on the left for most email clients. It will show you an address that starts with http.

For our example, we’re going to use Amazon.com, and how to spot something suspicious. It’s all about looking for periods in the address, and noting where the periods are.

If there is a period AFTER the domain name of the website you want to go to, then it might be a trap.

• https://www.amazon.com/gp/help/customer/account-issues - This is safe, because there isn’t a period after the .com. 
• https://support.amazon.com/ - This is safe, because the extra period is before the company’s domain name (in this case, amazon.com)
• https://support.echo.amazon.com/customer-support/password-reset - Again, this is safe because there are no periods after amazon.com, regardless of how many subdomains (extra periods) are before it in the URL.
• https://support.amazon.ru - Time to slow down. While Amazon does legitimately have a .ru domain, not every business has every variation of domain extension (like .org, .net, .co, .co.uk, etc.). As soon as you get something you don’t expect, start to scrutinize even more.
• https://amazon.passwordservices.com/help/account-issues - This one is dangerous. This URL is technically taking you to a site called passwordservices.com. We just made that up for the example. Anyone could purchase that domain (or something similar) and spoof the URL to say Amazon before the first period. It’s tricky because it’s easy to miss.

Let’s take a look at another example, using PayPal:

• paypal.com - Safe
• paypal.com/activatecard - Safe
• business.paypal.com - Safe
• business.paypal.com/retail - Safe
• paypal.com.activatecard.net - Suspicious!
• paypal.com.activatecard.net/secure - Suspicious!
• paypal.com/activatecard/tinyurl.com/retail - Suspicious!

Keep in mind, these URLs above may or may not be real, we’re just making them up for the sake of an example!

Your First and Best Line of Defense

Technology is a powerful tool in the fight against email scams, but the most effective defense is a well-informed and vigilant team. Employee training is not just a recommendation; it's a necessity. Your staff should be educated on the latest phishing techniques and empowered to question any suspicious communication.

Useful Tip

Here’s a brief plan to create a sufficient line of defense:

• Provide regular training - Conduct ongoing security awareness training that includes real-world examples of phishing attempts.
• Conduct simulated attacks - Test your team's readiness with simulated phishing campaigns to identify areas for improvement in a safe environment.
• Clear reporting procedures - Establish a simple and clear process for employees to report suspicious emails to your IT department or a designated security expert.

At MicroLogix Network Services, we understand that navigating the complexities of modern cybersecurity can be difficult to coordinate. Our proactive approach to technology support means we're not just there to fix problems; we're there to prevent them from happening in the first place.

Don't wait until a phishing attempt turns into a costly data breach. Let us help you build a resilient defense against the ever-present threat of email scams. Give us a call today at (321) 282-3290 to learn more.