Phishing


Tip of the Week: 5 Ways to Easily Identify a Phishing Attack

If you’ve been reading this blog for any length of time, you’ve seen us reference a phishing attack. Whether you are being asked by some supposed Nigerian prince to fork over money or you are getting an email from what seems to be your bank that directs you to download an attachment, you are probably a potential victim of a phishing scam. The difference between being a potential victim and a victim is knowing how to identify it. Today, we’ll give you five ways to identify a phishing message so that you—or your company—won’t be scammed.

#1 - Urgency

When you get an email and the verbiage is such that it immediately makes you panic a little, you are probably dealing with a phishing attempt. Email is a really useful tool for businesses and individuals alike, but it typically isn’t the medium where someone is going to give you news that will make your anxiety spike. The message can come from many different directions, but if its tone is one where it makes you think you have to act immediately, you should calm down and verify the message with a call or text. 

#2 - Attachments

Again, email is useful for interpersonal communication, but unless you are expecting an email, or you know exactly who is sending you a message, you should never click on an attachment. This goes double if it is from a financial institution. No reputable bank is going to send you a downloadable attachment unless you are in direct communication with them. Even then, these organizations have secure apps for these types of transactions. Do yourself a favor and don’t download attachments from emails unless you know exactly what the attachment is.

#3 - Spelling and Grammar Errors

Let me ask you this: In the course of doing business, when corresponding with people outside your organization, do you send emails with gratuitous spelling and grammar errors? No? That’s because you don’t want the recipient to be put off by your command of the language. Phishing emails tend to be written by people whose first language isn’t English and they tend to make terrible spelling and grammar mistakes. If you are getting an email from your bank, but the content of the message is riddled with typos, you are dealing with a phishing email.

#4 - Your Personal Information

Any email that is sent to you that asks for personal information should be met with caution. Even if it looks authentic, when the email directs you to provide information that you don’t feel comfortable giving out—like a credit card number or your social security number—you’re almost always dealing with a scammer. If an organization needs your personal information, it will create an interface that will allow you to securely provide that information. They can’t afford not to.

#5 - Addresses Aren’t Legitimate

Finally, one of the telltale signs that you are being phished is the legitimacy of the links and addresses in the message itself. Firstly, you should be suspicious of links in unsolicited emails anyway, but to be sure, you can mouse over any links. If you don’t immediately recognize the web address, don’t click on the link. As far as email addresses go, it can often be difficult to tell if an email address is legitimate or not. One rule of thumb: if there is more than one period in the address, don’t click on it. It may be legitimate, but investigating it takes seconds and can help you avoid a lot of headaches.

Here’s a quick, short guide to help you and your staff:

1. Everyone handles their domains a little differently, but use this as a general rule of thumb:

a. paypal.com - Safe

b. paypal.com/activatecard - Safe

c. business.paypal.com - Safe

d. business.paypal.com/retail - Safe

e. paypal.com.activatecard.net - Suspicious! (notice the dot immediately after Paypal’s domain name)

f. paypal.com.activatecard.net/secure - Suspicious!

2. paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

3. Check the email in the header. An email from Amazon wouldn’t come in as noreply@amazn.com. Do a quick Google search for the email address to see if it is legitimate.

4. Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.

5. Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious.
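The domain rule of thumb in items 1 and 2 can be automated for a mail filter or a staff-training tool. The following is an added example, not code from the original post; the `TRUSTED` allow-list and the function names are assumptions made for illustration. It treats a link as safe only when its hostname is a trusted domain or ends with a dot plus that domain, and flags a domain-like name inside the path.

```python
import re
from urllib.parse import urlsplit

# Assumption: your own allow-list of domains you really do business with.
TRUSTED = {"paypal.com"}

# A path segment that itself looks like a hostname, e.g. "tinyurl.com".
# Heuristic only: a file name such as "index.html" also matches.
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)

# The seven sample links from the guide above.
SAMPLES = [
    "paypal.com",
    "paypal.com/activatecard",
    "business.paypal.com",
    "business.paypal.com/retail",
    "paypal.com.activatecard.net",
    "paypal.com.activatecard.net/secure",
    "paypal.com/activatecard/tinyurl.com/retail",
]


def classify(link, trusted=TRUSTED):
    """Return (verdict, reason) for a link as it appears in an email."""
    # Links in the guide carry no scheme; add one so urlsplit finds the host.
    if "://" not in link:
        link = "http://" + link
    parts = urlsplit(link)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "suspicious", "no hostname"
    # The host must BE a trusted domain or END with "." + trusted domain.
    # "paypal.com.activatecard.net" ends in activatecard.net, so it fails.
    owner = next((d for d in trusted if host == d or host.endswith("." + d)), None)
    if owner is None:
        return "suspicious", f"host {host} is not under a trusted domain"
    for seg in parts.path.split("/"):
        if DOMAIN_LIKE.match(seg):
            return "suspicious", f"path segment {seg} looks like another domain"
    return "safe", f"host {host} is under {owner}"


def report(links=SAMPLES):
    """Classify every link and return (link, verdict, reason) tuples."""
    return [(link, *classify(link)) for link in links]


if __name__ == "__main__":
    for link, verdict, reason in report():
        print(f"{verdict:10} {link}  ({reason})")
```

The same function covers the sender check in item 3: passing the domain part of noreply@amazn.com with `trusted={"amazon.com"}` returns "suspicious" because amazn.com is not amazon.com or one of its subdomains.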

We hope that this short guide helps you avoid clicking on phishing attacks as they can have devastating and adverse effects on your computer, your network, and your business. For more great tips and tricks, return to our blog regularly. If you want to talk about how best to train your staff about phishing attacks, call us today at 334-834-7660.

 

 


Hackers are Going Phishing for Your Money

When people talk about cybersecurity nowadays, there certainly seems to be a lot of emphasis put on phishing attacks and ransomware. This is for good reason. Not only can either of these attack vectors create significant difficulties for a business, they are often used in tandem. Let’s discuss why these threats are so potent, and why they so often show up together.

First, it will help to briefly review how each attack works.

How Ransomware Works

Imagine for a second the surprise you would have if you tried to log into your computer and you were presented with a message telling you that your files have been encrypted and that you need to pay $X in Bitcoin before the clock runs out or you will lose those files forever. Then you notice the clock ticking down. Would you panic? You probably would. That is ransomware, a particularly ugly type of malware that could cost you everything.

How Phishing Works

Do you ever get emails that seem to come in randomly from the government, your bank, or your insurance company? Do they want you to take action now and provide links or attachments to make that possible? The truth is most professional organizations that you depend on will never want you using email to do anything other than verify your identity. That means that the emails you get that say you have to act now to avoid going to jail for owing money are as fraudulent as they seem. 

These are phishing messages. They can come in through email, social media, or via SMS or phone call. Unfortunately for the modern user, they are constant, often sophisticated, and can be especially problematic if handled improperly.

Phishing + Ransomware = Major Trouble

Since today’s hackers can’t just hack their way into an account, they use social engineering tactics to do so. If they are able to expose their fraudulent message to someone who is less than vigilant, they may gain access to a computer (or worse yet, a computing network), and then deploy their ransomware payload. That is not a good situation for any individual, and it is a major problem for any business. This is why it is essential that your staff understands phishing tactics and can spot fraudulent emails and messages when they come in. Let’s take a look at some telltale signs that you are dealing with a phishing message.

Identifying Phishing 

Phishing tactics are a lot more sophisticated than they were even a few short years ago, but they can’t do anything for the one variable that matters: legitimacy. Here are a few ways you can tell that you are dealing with a phishing attack.

● The details in the message are suspect - Many people don’t pay much attention to the email address an email is sent from, or to whether a word here or there is misspelled. This is how phishing attacks get you. If you receive a message that has spelling or grammatical errors that you wouldn’t find in professional correspondence, you probably are dealing with a scam. You can also look at the email address itself or, best yet, mouse over any links found in the text of the email. If it seems fishy, it’s probably phishing. Don’t click on it.

● The tone is desperate - One telltale sign that you are dealing with a phishing attack is that the message written to you seems urgent. No reputable financial institution or government entity is going to demand immediate action from an email. 

● There’s a link or an attachment - When phishing is used to deploy ransomware (or any kind of malware), you will typically see an attachment or be asked to follow links in the message. If you have any question about the validity of the message, don’t click on a link or open an attachment.

Cybersecurity is a constant process. If you would like help getting your staff trained or if you would like some information about other security tools you can use to keep your infrastructure and data safe, call the IT professionals at Jackson Thornton Technologies today at 334-834-7660.