Chances are you’ve received an e-mail that pretends to be from your bank, e-commerce vendor, or other online business site. Daily phishing emails are sent to unsuspecting victims all over the world. Some are obvious while others can be quite convincing.
Not every email you receive is a phishing scam. In fact, most banks or e-commerce vendors send you authentic email all the time.
What is the difference? Since phishing emails are different in each situation, there is not one single method to uncover the many. There are a number of things to look for and here are a few:
This email was recently received from a bank. Looks legit doesn’t it? Truth is, this email is a phishing scam. Clicking the link takes you to a bogus website that has been made to look like the genuine Wells Fargo site.
Look at the sender address below, check for weird misspellings and characters. Notice that the “O” in Wells Fargo has an accent character above it? That is not normal. Also, the return email address (doug.ray@dentsuaegis.com) has nothing to do with Wells Fargo. This should be enough to red flag the email and delete it. But there is more!
This is the scam. Check the integrity of the embedded URL by hovering over the “Click here” link but DO NOT CLICK ON THE LINK! The message is a fraud since the URL is not from Wells Fargo but someone in the UK. But there is more!
The links at the bottom of the email (red rectangles) would normally take you directly to the Wells Fargo website. Instead they are fake pictures of links reproduced to look real. In fact, the “Click Here” link is the only active one in the entire email. The rest is fraudulent fabrication made of images stolen from Wells Fargo. This is a scam!
The final word
At first glace, this email looked legit. All information supplied on the bogus site would be collected by the scammer and used to hijack your Wells Fargo account. Take caution and login to your online accounts by entering the address into your browser’s address bar or by an official app.
Unless staff are trained to identify these threats, dental practices are susceptible to phishing email scams, malware, ransomware, and spam. HIPAA compliance requires this training for good reason. The alternative is a data breach that must be reported, possible fines for non-compliance, and loss of reputation.