The Good Tech Companies - 6 Tips to Avoid Phishing Emails from Vlad Cristescu, Head of Cybersecurity at ZeroBounce
Episode Date: October 31, 2024This story was originally published on HackerNoon at: https://hackernoon.com/6-tips-to-avoid-phishing-emails-from-vlad-cristescu-head-of-cybersecurity-at-zerobounce. Vla...d Cristescu, Head of Cybersecurity at ZeroBounce provides 6 tips to avoid phishing emails during the holiday season. Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cybersecurity, #phishing-email, #cyber-threats, #zerobounce, #avoid-phishing-scams, #email-security, #hackernoon-top-story, #good-company, and more. This story was written by: @zerobounce. Learn more about this writer by checking @zerobounce's about page, and for more stories, please visit hackernoon.com. In 2023, Americans lost $10 billion to fraud, a 14% jump from the previous year. One in four people reported losing money to scams, with a median loss of $500 per person. Email remains the primary contact channel for cyberattacks. October is Cybersecurity Awareness Month.
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
6 Tips to Avoid Phishing Emails from Vlad Krstescu,
Head of Cyber Security at Zero Bounce, by Zero Bounce.
Email is the number one channel scammers use to trick consumers,
and it gets fishier during the holidays. If you're shopping online, here's how to stay
safe and the first thing to do if you click a phishing link. As the holidays draw near, the hustle and excitement aren't the only things ramping up.
Phishing scams peak between September and November, when inboxes overflow with shopping
and travel confirmations, charity requests, and marketing emails. The consequences can be severe
in 2023. Americans lost $10 billion to fraud, a 14% jump from the previous year, according to the
Federal Trade Commission, FTC. One in four people reported losing money to scams, with a median loss
of $500 per person. Shopping fraud and imposter schemes were the most common frauds, and many
were carried out through phishing emails. Email remains the primary contact channel for cyberattacks.
40% of consumers check email looking for brand discounts, which makes them more susceptible to
phishing during the holidays. But don't panic, according to Vlad Krstescu, head of cybersecurity
at Zero Bounce, there are steps you can take to protect yourself, even if you already clicked on
a malicious link. With October being Cyber Security Awareness Month,
it's a good time to brush up on these precautions and stay alert.
The holiday season is scammer season. The holidays are prime time for scammers to strike,
Kristescu explains. People are shopping like crazy, donating to causes, and spending more
time online than usual. Scammers know we're feeling generous and maybe a little rushed,
so they take advantage of that. The psychology behind it Scammers know we're feeling generous and maybe a little rushed,
so they take advantage of that. The psychology behind it is simple, we're distracted,
we're all looking for last-minute deals, eager to get things done quickly, and that's when we let our guard down. When you're juggling a bunch of things, it's easy to miss those little signs
that something's off, and that's exactly what scammers count on. Top 3 Phishing Scams to Watch Out For
There are many types of scams that could land in your inbox, but according to Krstescu,
three types stand out during the holidays. 1. Account Login Scams
You'll see emails that claim something's wrong with your account and urge you to log in to fix
it. These can be convincing, but they're just fake pages set up to steal your username and password.
2. Fake shipping notifications. With everyone ordering gifts,
scammers send emails that look like they're from Amazon, FedEx, or other big companies.
They know you're waiting for packages, so they trick you into clicking to track your order or fix a delivery issue, but they're really just after your passwords.
3. Bogus e-commerce or, too good to be true,
deals. These phishing emails often impersonate major retailers or brands. They can lead you to
fake websites where you're prompted to put insensitive information like credit card details
or login credentials. Last year, more than 1.2 million scams targeted Amazon alone,
according to a Bolster AI study.
To safeguard your business domain from spoofing attacks,
it's essential to implement email authentication protocols like DMARC, SPF, and DKIM.
These measures help prevent hackers from breaching your domain and sending malicious emails on your behalf. How to spot a phishing email?
Phishing emails can be sophisticated, especially with AI making them look pretty legit, Kristescu says.
But the cybersecurity expert emphasizes that there are still a few tell-tale signs.
A big one is when the email starts with something generic like,
Dear Customer instead of using your name. Another red flag is if the message is trying
to induce panic by telling you that your account will be locked or that you need to act fast.
Here are a few more red flags to watch out for, according to Vlad Kristescu1.
Weird sender email addresses.
Even if the email looks like it's from a company you know, check the email address
closely.
Extra letters or random numbers are usually a giveaway.
Backslash dot, 2.
Strange attachments.
If there's a random file attached especially something like a
zip or x be careful most companies don't send attachments unless you're expecting them
backslash dot three suspicious links before you click any link hover over it and see where it's
really taking you if the url looks sketchy or doesn't match the website it claims to be from, don't click.
Backslash dot.
4. Bad grammar or awkward wording.
Phishing emails often have little spelling mistakes or just sound a bit off.
If it feels weird, it may be a phishing decoy.
Backslash dot.
5. Asking for personal info.
No legitimate company will ask for sensitive info over email.
If they do, that's a big red flag.
Backslash dot 6.
Too good to be true deals.
If the email offers something that sounds way too good,
it's probably a scam trying to get you to click.
Already clicked on an email scam?
Here's the first thing you should do.
If you've already clicked on a malicious link, don't freak out, Krsteska says.
It happens to a lot of people,
but here's what you should do immediately disconnect from the internet. Disconnecting from Wi-Fi or turning off your data can help stop any malware from spreading further.
Quote. Run a malware scan. After you're offline, run a full malware or virus scan on your device
to check if anything harmful got installed. It's better to catch it before it can
do more damage. Quote. Change your passwords. If possible, use a different device that you know is
safe to change the passwords on any accounts that might be affected. This helps avoid further
compromise if the original device is infected. And if you've reused the same password on other
accounts, change those too. Quote. Contact your bank or credit card company.
If you gave out any payment info, let your bank or credit card provider know right away.
They can monitor any suspicious activity or freeze your account if necessary.
Quote. Report the scam. You should report the phishing email to your email provider,
and you can also file a report with authorities like the FTC and FBI.
Quote. Keep an eye on your accounts, for a little while, be extra watchful of your bank,
email, and social media accounts. Scammers don't always act immediately,
so staying alert can help you catch any issues before they get worse.
Quote. The three months leading up to December account for 20% of all phishing scams for the entire year,
according to Bolster AI Research. As you rush to check off your holiday to-do list,
remember to pause and double-check the emails you receive. Before you click on a link,
take just a few extra seconds to ensure Noscam is slipping through, Vlad Kristescu advises.
About Vlad Kristescu Vlad Kristescu is the head of cybersecurity at Zero Bounce.
He has more than 14 years of experience in his field and is passionate about demystifying technology and security for companies and individuals. Previously, Kristescu provided
cybersecurity consultancy services at one of the U.K.'s largest cybersecurity distributors.
About Zero Bounce Zero Bounce is an email validation, deliverability, and email-finding company that helps businesses
improve their email marketing performance. A multiple Inc. 5,000 honoree, Zero Bounce is
the go-to choice for more than 350,000 customers worldwide. Ensuring military-grade security,
Zero Bounce serves companies of all sizes, from solo business owners to Amazon,
Coca-Cola, Disney, Netflix, and Sephora. In 2022, Zero Bounce founded EmailDay,
April 23, now an international holiday honoring email inventor Ray Tomlinson.
Thank you for listening to this Hackernoon story, read by Artificial Intelligence.
Visit hackernoon.com to read, write, learn and publish.