This is the latest of a few similar emails I’ve received lately via one of my business websites:

“I just found a $122.66 charge on my credit card originating from mphhotels.com I never ordered anything from you so what is happening? Please check the card statement below and let me know what to do to get my money back: (odd-looking link inserted here) Thank you Abraham Eubanks”
Clearly the object of these emails is to get you to click on the link, which, according to experts I’ve consulted, will likely plant malware on your computer capable of accessing personal information, passwords, etc. It could also try to draw you into a phishing exercise aimed at getting you to disclose sensitive information.
I mention this because I know of cases where small businesses have lost money responding to this type of email. It’s easy to see how it can happen. If a bookkeeper or other employee receives the email, they may think it looks legitimate and, especially if they’re not on top of your bookkeeping, may assume that it is a legitimate charge and pay it to avoid problems. Even if they intend to question it later, it will be too late.
The answer is: don’t respond to unexpected emails, trash emails with names and addresses you don’t recognise without opening them, and don’t click on suspicious-looking links in suspicious-looking emails.
Here are seven points from securitymetrics.com to help you recognise a phishing email:
- Legit companies don’t request your sensitive information via email
- Legit companies call you by your name
- Legit companies have domain emails
- Legit companies know how to spell
- Legit companies don’t force you to their website
- Legit companies don’t send unsolicited attachments
- Legit company links match legitimate URLs