Phishing Trip Canceled – How to Identify & Avoid Phishing Attempts

Widespread phishing attempts and how to avoid them.

Every single day, thousands of phishing attempts hit inboxes around the world. Many of them are far less obvious than others. But what is phishing, and why is it so harmful? What are some techniques to help you identify it?

Phishing is the attempt to access sensitive information, often for malicious reasons, by posing as a trustworthy entity in an electronic communication. Phishing is hazardous for various reasons. Clicking through on a phishing email can open the door to malicious software and hacking attempts. It can also function as a form of social engineering: by successfully posing as a reputable source, a cybercriminal can receive sensitive information directly from the user. A successful phishing attack can expose your organization to a crippling data breach.

Here are some common phishing attempts that you can look out for:

1. An Email from Someone You Know

Some of the most successful phishing attempts were designed to look as if they came from a familiar source: an internal email address, an HR document, or a password request from the IT department.

Make sure to carefully inspect any email before you respond with sensitive information. Be sure that the email is entirely authentic before clicking on included links or downloading attachments. If it looks fishy, don’t hesitate to reach out to your IT support to verify that the email you received is legitimate.

2. Directions to Sign In or Reset Your Account

Many phishing attempts masquerade as a service that you use. Whether on social media platforms or email services, we’ve seen phishing attempts that resemble official Microsoft or bank inquiries. None of these services will ask you for your bank account number, password, or social security number.

3. Please Click Here

Phishing emails will often try to get you to click on an embedded URL. Hovering over the link will reveal the actual hyperlink. Long hyperlinks that don’t direct to the website as advertised are an immediate red flag. Spam filters are continuously updated to filter out emails that include links like these, but they are by no means infallible. If you’re not sure, err on the side of caution. Aggressive cybercriminals will use domain names that increasingly resemble the domain of the organization they are pretending to be (e.g., realcompany.com.fakecompany.com).
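As an added illustration (not part of the original article), the following Python sketch automates the two link checks described above: whether the text shown for a link matches where it really goes, and whether a trusted name is being used as a subdomain of someone else's domain. The TRUSTED set, the reason labels, and the sample email body are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"realcompany.com"}  # assumption: domains you expect links to use

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare domain ('' if unparseable)."""
    value = value.strip()
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_link(href, text):
    """Return the reasons a link looks suspicious (empty list if none)."""
    reasons, host = [], host_of(href)
    # Trusted name appears as labels inside a host that is not actually trusted.
    if not is_trusted(host) and any(f".{d}." in f".{host}" for d in TRUSTED):
        reasons.append("trusted-name-as-subdomain")
    # Visible text that looks like a domain but points somewhere else.
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and host != shown and not host.endswith("." + shown):
        reasons.append("text-host-mismatch")
    return reasons

def scan(html_body):
    """Map each suspicious href in the body to its list of reasons."""
    parser = LinkCollector()
    parser.feed(html_body)
    return {h: r for h, t in parser.links if (r := check_link(h, t))}

SAMPLE = (  # constructed email body, not a real message
    '<a href="http://realcompany.com.fakecompany.com/reset">realcompany.com/reset</a>'
    '<a href="https://login.realcompany.com/">Sign in</a>')
```

Calling `scan(SAMPLE)` flags only the first link, for both reasons; the genuine `login.realcompany.com` link passes.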

4. Urgent Action Required

Psychologically, cybercriminals are trying to prompt users to take immediate – and detrimental – action by creating a sense of urgency. Emails notifying you that your account has been compromised or closed, has experienced an “unauthorized log-in attempt,” may be suspended, or requires immediate attention (with excessive capital letters and exclamation marks) are a common phishing tactic. Many organizations that handle sensitive data do not rely on email to communicate an urgent issue that requires your immediate attention.

5. Sorry State of Spelling

Most organizations will have several eyes review their email copy before they send it out. Grammar and spelling errors are a quick way to spot a phishing attempt.
