Recognizing Email Phishing Scams

Typically, when you receive an email with a request from your CEO or CFO, your first inclination is to act immediately on that request. However, before you act, are you absolutely certain that the request is coming from them? Over the past few months Hilltop has noticed a trend where scammers are sending "phishing" or "spear-phishing" emails to users at corporations that appear and read just like an email from someone within the organization.

What makes these emails so hard to detect is a slight alteration made to the sender's email address. Essentially, a "spoof" email address has been used that looks almost identical to the email address that you "think" you should be receiving from, with a couple of letters rearranged. The trick is that your brain will actually believe that it is coming from the email address that you are used to seeing.

Read this phrase below out loud.

Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Azanmig huh? yaeh and I awlyas tghuhot slpeling was ipmorantt!

The human mind reads a word as a whole, not by individual letter.

The scammers are counting on this, and send you an email with a couple of letters rearranged in the email address. [email address] looks just like [email address]. They may look the same, but these are two different domains, and only one of them, in this case the 2nd one, is the correct email address for our helpdesk.

Below are some tips to help you and your business avoid an embarrassing and costly mistake:

  1. Pick up the phone! If you have any doubts about the legitimacy of an email, pick up the phone! Call the originator of the email. I am certain they would not mind if you wanted to ensure that the request to send an enormous amount of money was accurate. Contact Hilltop! We have different methods of determining if the request was coming from the actual sender.
  2. Never click on a link, unless you are absolutely certain of its destination! If you have any doubt, contact us!
  3. Has anyone in your company ever previously sent you an email request to send money? If this is a new occurrence, take a look at tip #1!

If you have received any phishing emails, or you are interested in learning how to take precautions to avoid becoming a victim of an email phishing scam, please contact a Hilltop Network & Cyber Security Consultant today.