Posted on 05/22/2019 at 12:27 PM
Phishing may sound fun, but in the case of phishing with a “ph,” it is not as fun as one might think. There are no fish in phishing, just bait. Read on to learn how to recognize and avoid the bait and to learn other steps you can take to prevent you or your company from falling victim to a phishing attack.
What Does “Phishing” Mean?
The concept behind phishing is like that of real fishing, except in the case of phishing, you are the metaphorical fish. In phishing, a scammer lures their victims into unknowingly divulging personal information by baiting them with an email that looks incredibly real. These emails can look like they come from a co-worker or even the CEO and they try to get users to click a link, open a file, reply with login credentials, send payment or banking information, or reply with other confidential information.
A recent study by Google “found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches.”
Every year around tax season, the IRS receives several reports from concerned citizens about phishing scams. It’s important to understand the threat so you can avoid it!
How do Phishers Phish?
There are many ways a group or person could try to phish, all with the same goals mentioned above. Some of those include:
Spear-Phishing – in which phishers use personal information based on research to make emails look real
CEO Fraud – in which phishers use email addresses that look similar to that of your CEO (or another high-level executive)
Pharming – in which phishers attempt to redirect users to a domain that looks similar to one they know
Cloud Phishing – in which phishers try to get users to download a file from or log in to a cloud service
There are many other ways to be phished, and new ways are always evolving
How to Identify a Phishing Attempt
Spam email incidents are on the rise, and to stay safe we must be vigilant and stay on top of our inboxes. While most emails get properly filtered by the spam filter and other security measures, some malicious emails slip through the cracks. Here is how to identify red flags and keep your computer safe.
Know the Red Flags
When you know what to look for, it’s much easier to avoid getting hooked by a phishing scam.
Misspellings and grammatical errors
Creating a sense of urgency
Requesting personally identifiable information (PII)
Requesting user IDs and passwords
Threatening with consequences
Vague and general messages
Playing on emotion
Identify a Phishing Attempt - and Stay Safe While Doing So:
The display name is spoofed - view the email address and compare it to the displayed name.
The hyperlink text does not match the link - hover over the hyperlink to see where it would actually send you.
Suspicious attachments - do NOT open such a file, and do NOT preview it in the Reading Pane.
More sophisticated attempts may look authentic and may impersonate a person or contact you may know.
As the safest practice, do not click a link in an email. Instead of clicking the link, go to the website yourself.
Do not forward a suspicious email to anyone other than your designated IT person. This avoids the spread of potentially malicious files or links!
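The two checks above (compare the display name with the actual address; compare the link text with where the link really points) can be automated for a mail gateway or help-desk triage tool. The script below is an added example written for this article, not code from the original post or from Global Reach. It assumes a small constructed sender directory (KNOWN_SENDERS) standing in for your company address book, and it runs against a constructed sample message that is embedded inline.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish). The display name claims to be
# the CEO but the address sits at a lookalike domain ("examp1e" with a digit 1),
# and the link text shows one site while the href points somewhere else.
SAMPLE_EMAIL = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e-corp.com>
To: staff@example-corp.com
Subject: Urgent: action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please log in now:
<a href="http://login.example-corp.com.evil.test/">https://portal.example-corp.com/</a></p>
</body></html>
"""

# Assumption: a directory of people who are often impersonated, mapping the
# display name (lower-cased) to the only address they really send from.
KNOWN_SENDERS = {"jane doe": "jane.doe@example-corp.com"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Crude "last two labels" approximation; a production tool would use the
    # public suffix list so that e.g. example.co.uk is handled correctly.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_sender(from_header, directory=KNOWN_SENDERS):
    """Red flag 1: the display name does not belong to the real address."""
    findings = []
    display, addr = parseaddr(from_header)
    # Strip job titles in parentheses, e.g. "Jane Doe (CEO)" -> "jane doe"
    name_key = re.sub(r"\(.*?\)", "", display).strip().lower()
    expected = directory.get(name_key)
    if expected and addr.lower() != expected:
        findings.append(f"display name '{display}' is known as {expected} "
                        f"but this mail comes from {addr}")
    # A display name that is itself an address is a classic spoofing trick
    if "@" in display and display.lower() != addr.lower():
        findings.append(f"display name '{display}' looks like an address "
                        f"but the real sender is {addr}")
    return findings


def check_links(html_body):
    """Red flag 2: link text shows a URL whose site differs from the href."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        if not text.lower().startswith(("http://", "https://")):
            continue  # plain words as link text cannot be compared
        text_host = urlparse(text).hostname or ""
        if registrable_domain(text_host) != registrable_domain(href_host):
            findings.append(f"link text shows {text_host} but the href goes "
                            f"to {href_host}")
    return findings


def analyze(raw_message):
    """Return both groups of findings for a raw RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("html",))
    body = body_part.get_content() if body_part is not None else ""
    return {"sender": check_sender(str(msg["From"])),
            "links": check_links(body)}


if __name__ == "__main__":
    for group, findings in analyze(SAMPLE_EMAIL).items():
        for finding in findings:
            print(f"[{group}] {finding}")
```

On the sample message the script reports one sender finding (the lookalike domain) and one link finding (portal.example-corp.com shown, evil.test reached). A message from a sender who is not in the directory, with link text that is ordinary words rather than a URL, produces no findings, so the tool only flags what a human reviewer could confirm by following the two steps above.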
How to Protect Yourself and Your Company?
Setting common practices for information shared over email and for clicking links and opening files is a must. Knowing that your company (and most external companies) would never ask you to provide passwords or other sensitive information over email ensures that users will be skeptical of these types of attacks.
Inspect links and files BEFORE opening them. Ask questions! If you receive an “urgent” message from a high-level executive asking for odd information, verify with them (preferably through a different channel of communication).
Regularly educating yourself, your peers, and your employees about the common (and new) practices of phishers, the potential effects of phishing, and ways to read emails skeptically and critically makes the whole organization much harder to fool.
Have a Plan:
Finally, having a fail-safe for the worst-case scenario is always a good idea. Forbes outlines steps to take in their article “What To Do When You've Been Phished.” Some of their steps include quarantining the affected computer, changing passwords, running anti-virus software, and restoring backups.
If you come across an email that looks potentially dangerous, contact your network administrator or IT department for your business’ proper spam handling procedure.
If you are concerned about protecting yourself and your computer, contact Global Reach today! Our full-service IT consulting services are built upon decades of experience with clients of all sizes, and expert knowledge of the latest technologies and malware practices.