An increasing amount of business is being done online and the number of phishing attacks is rising. According to research, over half of internet users get at least one phishing email per day and most people can’t identify a sophisticated phishing email – they can look really professional! So, would you know how to recognise one? One accidental click could compromise your company’s data security, and every fraudulent email you respond to could cost you serious money.
It has come to our attention that some ESOMAR members are victims of fraudsters or scammers pretending to send out emails on their behalf. Such emails could include business proposals or invoices and they appear to come from a legit market research company. Would you recognise a phishing email if you saw one? Here are seven top tips to make sure you don’t fall for a sophisticated scam:
Tip 1: Don’t trust the display name in the ‘from’ field
Display names can be spoofed. Cybercriminals can make an email look like it came from any brand. So, always make sure you check the actual email address the email came from, especially if you did not expect to receive it. See the example below.
Did this email really come from ESOMAR Professional Standards? Always check the email address.
It’s legit!
Tip 2: Check the domain of the email address
The domain is the part that comes after the @, like esomar.org in our example. Always check if the domain actually belongs to the company emailing you. For example, if an email were to come from professionalstandards@esogov.com, you can look up esogov.com and see if it directs you to the ESOMAR website. If the domain you’re receiving emails from doesn’t direct you to the webpage of the company you’re dealing with, the email may be fake.
Tip 3: Be careful if you receive a message from a free mail account
A free mail account means a free email account, like Gmail, Hotmail or Yahoo. Be extra careful if the free mail address is built up as [company name] @ freemail.com, for example esomar@gmail.com or esomar@hotmail.com. Most companies have their own domain name and accompanying email addresses and wouldn’t use a free mail account for business. Or if they do, it should be clear from their website.
We know that time can be short. Researchers are checking their email at home and on holiday – especially now during summer – or whilst traveling, and yes, sometimes it’s easier to use your personal Gmail, Hotmail or Yahoo account when traveling. If you do, make sure you understand that it can be harder for the recipient to verify the legitimacy of the email, and explain beforehand that you may respond from a certain personal or free mail address.
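The checks from tips 1 to 3 can also be run automatically, for example in a mail filter. The sketch below is an added example, not ESOMAR's code: the function name `check_sender`, the brand-to-domain mapping and the short free mail list are assumptions, and the sample headers are constructed from the addresses used in the tips.

```python
from email.utils import parseaddr

# Assumption: a short illustrative list of free mail providers, not exhaustive.
FREE_MAIL = {"gmail.com", "hotmail.com", "yahoo.com"}


def check_sender(from_header, brands):
    """Apply tips 1 to 3 to one From header.

    brands maps a lowercase brand name to the domain that brand really uses.
    Returns a list of (code, detail) warnings; an empty list means no flags.
    """
    display, address = parseaddr(from_header)
    if address.count("@") != 1:
        return [("no-address", "no usable email address in the From header")]
    local, domain = address.lower().split("@")
    warnings = []
    for brand, real_domain in brands.items():
        on_real_domain = domain == real_domain or domain.endswith("." + real_domain)
        # Tips 1 and 2: the display name claims the brand, the domain is not theirs.
        if brand in display.lower() and not on_real_domain:
            warnings.append(("display-name-mismatch",
                             f"display name says {brand!r}, domain is {domain}"))
        # Tip 3: the [company name]@freemail pattern.
        if brand in local and domain in FREE_MAIL:
            warnings.append(("brand-on-free-mail",
                             f"{brand!r} used as a mailbox name at {domain}"))
    return warnings


# Constructed sample headers, built from the addresses used in the tips above.
SAMPLES = [
    "ESOMAR Professional Standards <professionalstandards@esomar.org>",
    "ESOMAR Professional Standards <professionalstandards@esogov.com>",
    "ESOMAR <esomar@gmail.com>",
    "esomar@hotmail.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        flags = check_sender(header, {"esomar": "esomar.org"})
        print(header, "->", [code for code, _ in flags] or "no flags")
```

This only inspects the From header as it is shown to the reader. It does not verify that the sending server was authorised to use that address, which is what SPF, DKIM and DMARC results are for.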
Tip 4: Double check when in doubt with the company or with the ESOMAR Member Search or Directory
So, if you receive an email from a generic email account, always check whether it’s legit by sending a message to the email address you can find in the ESOMAR Directory or member search. Or, send a message to info @ [relevant domain name].
Tip 5: Look at links in the email but don’t click
You can hover over a link and it will tell you where it redirects you. If the link address looks strange, don’t click on it. Should you wish to test a link, open a new browser window and type in the website address directly rather than clicking on the link from an unsolicited email.
That link looks like a link you could expect. You can click on this one!
Tip 6: Email greetings
Is the start of the email vague, like “valued partner”, “dear customer” or “esteemed colleague”? Legitimate businesses will often use a personal greeting with your first and last name.
Tip 7: Don’t open or click on attachments
If you receive a business proposal or invoice you didn’t expect, don’t rush to open the attachment. Malicious attachments containing viruses and malware are common in phishing emails. Malware can damage files on your computer, steal passwords, track your keystrokes, or spy on whatever your computer is doing. So never open an email attachment you weren’t expecting. If you didn’t expect the email, get in touch with the company it appears to come from before you open it.
So, there you have it, 7 tips to help you avoid opening fake and phishing emails.