Defend your funds against phishing: essential tips to identify fake emails and texts
Phishing as a cyber-attack method has a relatively high success rate; with scammers deceiving both individuals and organizations into giving up their private and valuable data. Here, we offer critical insights to help you recognize and combat these attacks, enhancing your protection against cyber threats.ย
What is phishing?
Phishing is a cyber-attack method that has a relatively high success rate; with scammers deceiving both individuals and organizations into giving up their private and valuable data.
Both email phishing and SMS phishing (smishing) have become more prevalent in recent years, posing significant threats that technology alone cannot mitigateโin fact, recent research from security firm Egress found that 94% of organizations have been victims of phishing attacks.
Individuals and companies must be aware of the tactics cybercriminals use so they can protect themselves from this insidious threat. Unfortunately, a purely technological approach is not enough: it takes just a single click on a malicious link or a download of an infected attachment for the attack to begin.
This is why it is essential to be aware of the tricks of the phishers’ trade.
Here, we offer critical insights to help you recognize and combat these attacks, enhancing your protection against cyber threats.
Key phishing statistics
- Email and SMS phishing are the primary methods for delivering phishing attacks.
- A 2024 Cofense study found that 90% of cyber-breaches start with an email phishing message.
- The same study found a 104% increase in email phishing that bypasses technology defenses.
- Proofpointโs 2024 State of the Phish report found that 75% of businesses were victims of SMS phishing (or smishing).
Spotting phishing tactics
Phishing relies on human behavior manipulation. Recognizing these tactics can help you identify phishing attempts. Here are some tips on what to look out for.
Who is the message from?
- Email phishing: Check the sender’s email address. Legitimate organizations use their own domain for email addresses, so watch out for public domains, like gmail.com. However, be careful of fake email addresses that look correct but are subtly different. Cybercriminals register similar domains to well-known brands. For example, the domain may be changed to resemble a real company, โsupport@pay0ner.com.โ
- SMS phishing: Scammers try to mask their phone number using various tactics. One example are systems that only display the last four digits of a senderโs phone number. If you notice an unusual or masked phone number, be cautious.
- Calls: Number spoofing is used by cybercriminals to falsify caller ID information to make it appear as if the call is coming from a legitimate company. However, many network providers are now putting in measures to clamp down on this practice.
Check the link or the phone number
- Email phishing: Malicious links in phishing emails and SMS text messages lead to spoof websites. Try hovering over the link to reveal the true destination. The link address will be displayed by your email client. Check the address, does it make sense? Does the web address match the company domain? Be careful not to click on the link.
- SMS phishing: It’s more difficult to check SMS text links: you canโt simply hover over the link to reveal the address. Even if the link looks legitimate, it may be a โnested and shortenedโ link, that redirects you to another illegitimate website. In the case of smishing links, the watchword is caution.
Suspicious attachments
- Infected email attachments pose the biggest phishing risk to a business. If you receive an email with an attachment and you arenโt sure where that email is from, donโt open the attachment. Use the rules here to double check the email before opening any attachment.
It’s just too good to be true
- Email and SMS texts that offer gifts and โtoo good to be trueโ offers may be phishing. Attackers prey on a sense of FOMO (fear of missing out). The email or SMS may contain a sense of urgency or a deadline. If it feels too good to be true, itโs probably best to be cautious.
Personalization
- Check for personalization of email or SMS messages. Cybercriminals often use automated software to send out thousands of phishing emails at once. Make sure the email or SMS uses your name in the salutation.
- However, there is a caveat. Some phishing emails and SMS texts are highly targeted. In this case, the phishing email or SMS will be personalized, using your name.
Grammar and spelling
- Poorly written emails or texts may indicate phishing. However, some cybercriminals use AI tools to create convincing messages.
QR Code Vigilance
- QR Codes are increasingly used to trick people into clicking malicious links. A US energy company found 29% of over 1000 emails contained a malicious QR code. Carefully check the web address displayed when you take a photo of the QR code. Use the rules above on fake domains.
What to do if you spot a suspicious email or text message
If you think you may have clicked a link or downloaded a suspicious attachment and your Payoneer account might be compromised, donโt wait; get it touch with us right away.
Disclaimer
The information in this article/on this page is intended for marketing and informational purposes only and does not constitute legal, financial, tax, or professional advice in any context. Payoneer and Payoneer Workforce Management are not liable for the accuracy, completeness or reliability of the information provided herein. Any opinions expressed are those of the individual author and may not reflect the views of Payoneer or Payoneer Workforce Management. All representations and warranties regarding the information presented are disclaimed. The information in this article/on this page reflects the details available at the time of publication. For the most up-to-date information, please consult a Payoneer and/or Payoneer Workforce Management representative or account executive.
Availability of cards and other products is subject to customerโs eligibility. Not all products are available in all jurisdictions in the same manner. Nothing herein should be understood as solicitation outside the jurisdiction where Payoneer Inc. or its affiliates is licensed to engage in payment services, unless permitted by applicable laws. Depending on or your eligibility, you may be offered the Corporate Purchasing Mastercard, issued by First Century Bank, N.A., under a license by Mastercardยฎ and provided to you by Payoneer Inc., or the Payoneer Business Premium Debit Mastercardยฎ, issued and provided from Ireland by Payoneer Europe Limited under a license by Mastercardยฎ.
Skuad Pte Limited (a Payoneer group company) and its affiliates & subsidiaries provide EoR, AoR, and contractor management services.
