Avoid getting hooked by phishing

With the growing reliance on paperless communication, phishing scams continue to be one of our greatest cybersecurity threats. According to the FBI’s Internet Crime Complaint Center (IC3), there has been a 270% increase in business-directed phishing scams since 2015. And, even more staggering is the dollar amount lost exceeds $740 million for affected U.S. companies from 2013 to 2015.

What is phishing?

Phishing is the fraudulent practice of sending emails that appear to be from reputable companies or reliable sources in order to coax individuals to reveal personal information, passwords, credit card numbers, and other confidential details. Many times the message will appear from an official organization (like the IRS and FBI) or widely known companies or service providers (such as Amazon.com or PayPal). These messages are then disguised to look like official correspondence including logos and copyright information. Embedded within these messages are often links that can download malicious software or to false websites where users are asked to input or verify their confidential data.

What does a phishing message look like?

Phishing messages are highly successful because they look authentic, but also because they typically include language or messages that give a sense of urgency if action is not taken. Some examples of phishing messages include:

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

How to spot a phishing attempt

1. The reply email address is not official or does not match the organization or company sending you the message (for example, companyname@gmail.com) or points to a foreign address.
2. The message contains poor spelling or grammar.
3. The message asks you to take action on your account like replying with your password, visiting a link to provide personal information or to call a number to verify a credit card number.
4. The message contains a warning or threat claiming that not responding or taking action will result in serious consequences to your account, attempting to manipulate users to share information they would normally not be comfortable in sharing.
5. You did not initiate the action or the email request or it comes unsolicited from an unexpected sender.
6. Something just seems “off” or “unusual” with the email.

What to do if you receive a phishing email

1. If you have received a phishing attempt, do not reply or respond to the email. Simply delete the message right away.
2. If unsure if the message is authentic or a phishing attempt, contact the organization or business directly to verify the message. Do not click on the links within the email, but instead go directly to the company website for contact information. Even though the links within the email may look legitimate, there is the possibility you will be directed to a false site that could contain malicious software.
3. Don’t email personal or financial information if requested by the sender. Email is not a secure method of transmitting personal information, and organizations will NOT email you for passwords or personal information.
4. Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof as some phishers have forged security icons.
5. Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.

Bank Mutual is vigilant when it comes to helping businesses mitigate risk. Our treasury management team and commercial bankers can help business owners fine-tune their fraud protection and cybersecurity processes.

To stay up to date on the latest cybersecurity and fraud protection strategies, sign up to receive our quarterly e-newsletter full of information, resources and tools to help your business detect and mitigate these risks – making it easier to protect your assets.