Don’t Get Caught in a Phishing Scam
Phishing emails have recently circulated in which employees appear to request a change to their direct deposit or banking account information. So, how can your entity determine which requests are legitimate and which are not?
Here are some steps your entity’s employees can take to help reduce the chance it gets caught in a phishing scam:
- Verify the sender's email address, specifically the domain. The NDIRF's domain is the part after the @ symbol in First.Last@ndirf.com, that is, ndirf.com. If the sender's domain doesn't match the domain used in their previous emails, it may be a sign the email is a phishing scam.
- Be wary of emails that pressure you to act quickly. Scientific tests have shown that time pressure drastically reduces detection accuracy [1], so it is important to slow down when engaging with emails.
- Review the greeting and tone of the email to determine if it's consistent with the sender's previous emails. Scammers “often target a broad set of victims at one time, [so] they often use generic greetings like ‘Dear Customer,’ or they may even skip the greeting altogether” [2]. Their emails may also contain “unnatural phrasing” [2], among other errors.
- Don't click on links or download attachments unless you know the email is legitimate. Links and attachments are tools scammers often use to install malware “that will infect your PC” [3].
To help your entity’s employees outsmart phishing scams, here are some actions it can include in its email, computer, and/or technology policy:
- Report suspicious emails to the entity's IT, security, or other designated department.
- Verify an employee's request, or the safety of links or attachments, by calling the employee directly or talking with them in person.
- Complete the NDIRF’s LocalGovU Computer Security Basics course, available free through your entity’s NDIRF membership.
Contact NDIRF Director of Member Services Corey Olson at (701) 751-9107 or Corey.Olson@ndirf.com if your entity wants further information about LocalGovU, our online training platform offered free to NDIRF members.
[1] Butavicius, M., Taib, R., & Han, S. December 2022. Why people keep falling for phishing scams: The effects of time pressure and deception cues on the detection of phishing emails. Retrieved 9 September 2024 from https://www.sciencedirect.com/science/article/abs/pii/S0167404822003297.
[2] Rafter, D. 30 July 2024. 10 real phishing email examples. Retrieved 9 September 2024 from https://us.norton.com/blog/online-scams/phishing-email-examples.
[3] Moon, B. 14 January 2016. Don't Click On Strange Links: 6 Tips To Avoid Phishing Attacks. Retrieved 9 September 2024 from https://www.forbes.com/sites/bradmoon/2016/01/14/how-to-avoid-becoming-a-victim-of-phishing/.