What is Phishing?
At the most basic level, a phishing scam involves sending fraudulent emails that appear to be from a reputable person or company, with the goal of deceiving recipients into either clicking on a malicious link or downloading an infected attachment, usually to steal financial or confidential information.
Phishing attacks are now considered the main source of data breaches. 91% of cyber-attacks start with a phishing email.
Even with so much attention given to the subject, there is still a lot of confusion about the subject – and rightfully so. Phishing attacks are becoming more sophisticated and targeted, and even the most tech-or security-savvy people can find themselves a victim. So, how do you make sure you don’t fall victim as well? Check out our list of 5 things to look for before you click on that email!
Your first clue that an email may not be legitimate will always be the sender. Do you know this address? If not, treat the mail with suspicion and don’t open any attachments until you verify they were sent by a trusted source. If you believe you do know the sender, double check the actual email address. Often, a phishing email will be designed to look like it comes from a person you know, but there will be a slight variation in the address or they will show you a name you recognize.
Pay attention to subject lines! While something like “Claim your ultimate deal now!”, can be an obvious sign of a phishing email, the far more successful subject lines are the ones that don’t raise that much suspicion. “Account action required”, “Delivery status update”, or “Billing statement confirmation” can all be ploys to weaken the email recipient’s defenses through ordinary alerts.
Always remember that if something legitimate is that important, your bank, employer, doctor’s office, retailer or credit card company will find an alternate way to contact you when you don’t respond by email.
The body of the email can hold a lot of new clues, including misspelled words and confusing contests. For example, are you asked to verify a banking account or login to a financial institution that you don’t have an account with? Did you get an email from someone you may know that has nothing in it other than a short URL? Does the content apply to you or make sense based on recent conversations or events? Hackers can use current or popular events to their advantage. Holiday shopping, tax season or a natural disaster or tragedy relief efforts are all commonly used to sneak an unsuspecting phishing email into the inbox of thousands of targets. Did you know the IRS reported a 400 percent increase in phishing scams for last year’s tax season alone?
The best rule – do NOT open an attachment if any other aspect of the email seems suspicious. Attachments often carry malware and can infect your entire machine. Click to preview the attachment to see if you can view the document. If it won’t preview chances are it has some type of executable embedded in the file.
Like attachments, do NOT click on a link if anything else about the email seems suspicious. This is usually the attacker’s ultimate goal in a phishing scam – lure users to a malicious site and trick them into entering login credentials or personal information, allowing the attacker full account access.
If you do click on a link, be sure to also verify the actual URL. Are you on Google.com or Go0gle.com? The variations can be slight, but they make all the difference. That said, not all malicious sites will be visibly reflected in the URL, so you will not be able to tell the difference. If this is the case, most browsers have built-in phishing protection to alert you that something is wrong. Having the right IT Company is a very important component as well.
By using these five email checkpoints, you will be more equipped to catch a phishing email before any harm is done. However, some phishing attacks are so sophisticated that they can even fool the savviest of users so if you have any questions or you want to know more about how to protect your business and employees from phishing scams, contact us for a free cyber security evaluation.
Phillip Long - CISSP, CEO of BIS Technology Group, along with his team of marketing and information technology experts, will walk you through an overview of what your business should be doing to protect your data and plan your digital marketing strategies.
About BIS Technology Group
BIS Technology Group is the technology leader on the Gulf Coast and is comprised of four divisions: Information Technology, Web Design & Digital Marketing, Office Equipment and Business Consulting. Together these divisions help local businesses exceed expectations and allow them to group to their full potential while minimizing risks. To learn more about BIS Technology Group, visit bistechnologygroup.com.
You may reach out to us at: