Every single day, thousands of phishing attempts hit inboxes around the world. Some of them are far less obvious than others. But what is phishing, and why is it so harmful? What are some techniques to help you identify and avoid phishing attacks?
Phishing is the attempt to access sensitive information, often for malicious reasons, by posing as a trustworthy entity in an electronic communication. Phishing is hazardous for a variety of reasons: clicking through on a phishing email can open the door to malicious software and hacking attempts; it can function as a form of social engineering, in which a cybercriminal who successfully poses as a reputable source simply receives sensitive information directly from the user; and a successful phishing attack can expose your organization to a crippling data breach.
Here are some common phishing attempts that you can look out for:
An Email from Someone You Know
Some of the most successful phishing attempts were designed to look as if they came from a familiar source: an internal email address, an HR document, or a password request from the IT department.
Make sure to carefully inspect any email before you respond with sensitive information. Be sure that the email is completely authentic before clicking on included links or downloading attachments. If it looks fishy, don’t hesitate to reach out to your IT support to verify that the email you received is legitimate.
Directions to Sign In or Reset Your Account
Many phishing attempts masquerade as a service that you use, such as a social media platform or an email service. We’ve seen phishing attempts that resemble official Microsoft or bank inquiries. None of these services will ask you for your bank account number, password, or social security number over email.
Please Click Here
Phishing emails will often try to get you to click on an embedded URL. Hovering over the link will reveal the actual hyperlink. Long hyperlinks that don’t direct to the website as advertised are an immediate red flag. Spam filters are continuously updated to filter out emails that include links like these; even so, spam filters are by no means infallible. If you’re not sure, err on the side of caution. Aggressive cyber criminals will use domain names that increasingly resemble the domain of the organization they are pretending to be (e.g. realcompany.com.fakecompany.com, which belongs to fakecompany.com, not realcompany.com). Check out this extremely convincing phishing attempt using a popular bank here.
Urgent Action Required
Psychologically, cyber criminals are trying to prompt users to take immediate – and detrimental – action by creating a sense of urgency. Emails notifying you that your account has been compromised, is closing, has experienced an “unauthorized log in attempt”, may be suspended, or requires immediate attention (with excessive capital letters and exclamation marks) are common phishing tactics. Many organizations that handle sensitive data do not rely on email to communicate an urgent issue that requires your immediate attention.
Sorry State of Spelling
Most organizations will have a number of eyes review their email copy before they send it out. Grammar and spelling errors are a quick way to spot a phishing attempt.
AlphaRidge is a leading MSP located in NY. With over 15 years of managed services experience, AlphaRidge experts have solutions for your specific needs. We place the highest value on the protection and privacy of your data, and we maintain transparency to you with every service we provide. Our white glove on-site and remote service is designed to demystify IT and streamline your concerns into rapid solutions, so that you can focus on what you do best. Consider our team, your team.
This blog post, in addition to any posts presented on the AlphaRidge blog, is written for informational purposes only and should not be seen as technological, financial, healthcare, legal, etc. advice.