Resourceful Finance Pro

2 minute read

Email phishing attempts look fishy: Keep an eye out for these warning signs

Scott Ball
by Scott Ball

Companies’ databases, customer info and bank accounts are never safe from malicious attackers. The most common way in for cybercriminals remains via email.

Email scams are getting more sophisticated, to make matters worse. Some companies’ employees are getting fooled by phishing sends that announce salary reductions and include file attachments.

Recipients who click on the attachments are then directed to their company’s payroll and benefits portals. If they try to sign in, they get back a message asking to re-set their passwords.

Think your people wouldn’t fall for this trick? We know a company where multiple employees not only clicked through, but also re-set their passwords, giving the attacker a way into company financial data.

In this case, employees are falling for a scam that runs counter to normal business practices. We’re not aware of employers who’d announce across-the-board pay cuts through a company-wide email announcement, for example.

Bottom line: If a phishing attempt looks legit, someone’s liable to fall for it.

Clues abound in the subject lines

The good news is, most email scams look “off” at first glance to a reasonably intelligent person.

Are there any telltale signs that an email in your inbox isn’t what it appears to be? Yes there are, according to tech security pros and law enforcement who’ve seen it all.

Remind staff to beware of an email that possesses one or more of these traits in its subject line. Always preview it first and don’t click on it if you suspect it’s a fraud:

  1. Email starts with “Re:” or “Fwd:” followed by vague words like “project” or “meeting.”
  2. The words “you” or “your” followed by terms like “loan application” or “credit card.” Personalized subject lines are a bright red flag.
  3. Email sender address has letters and numbers in it, not a name. Pause first and ask yourself if you’re expecting an email from someone you don’t usually do business with.
  4. Misspelled, odd or inappropriate words you don’t see often in business email. Be careful, it could be a trap meant to lure you in.
Scott Ball
Scott Ball
Scott Ball is a Senior Staff Writer for Resourceful Finance Pro with more than 20 years of experience writing for business professionals. He wrote for the trade publications CFO & Controller Alert, Facility Manager's Alert and Environmental Compliance Alert.