Phishing Awareness: How to Identify a Phishing Attack
Phishing is one of the most common tactics cyber criminals use to try to extract confidential information from unsuspecting victims. Every day, over 160 million phishing emails are sent and 10% of those make it through filters. Half of those emails (about 8 million) are opened. About 80,000 people fall for phishing attacks every single day.
Sometimes, phishing emails are so outlandish that it’s easy to identify a phishing attack. Others? Not so much.
There are serious consequences for phishing victims and their employers, including loss of productivity, bandwidth and access to accounts – not to mention the financial implications that can occur.
Even if you’re inundated with emails, phishing awareness is crucial to anyone who sends or receives emails. Below are just a few examples of how you can avoid phishing before falling victim:
The Message Asks for Personal Information
Nobody in their right mind will ask you to send a bank account or social security number over email. Seasoned phishermen do their best to make an email look as authentic as possible, using signatures, logos and spoofed display names and email addresses. Remember, your bank already has your account number and doesn’t need you to confirm it – and if they do, call them directly.
There are Mismatched URLs in the Email Body
Spammers routinely set up spoof websites that mimic a real-life domain to try to extract information from unsuspecting victims. The email may say realsite.com, but if you hover over the link it shows realsite.fakesite.com. In that address, realsite is only a subdomain label; the site actually belongs to fakesite.com. It’s easy to hyperlink text to a different domain in Outlook, and most people would never think to check, even though checking is a simple way to avoid phishing.
The Message Has Poor Spelling & Grammar
When emails go out to an entire company there is usually some review process in place. Phishers don’t have anyone to spellcheck for them. You can avoid phishing by simply ignoring poorly worded emails that seem out of character.
Your Message Says You Won Something You Didn’t Enter
If you buy a lottery ticket and get an email saying you won the lottery, that seems plausible, right? Sorry, but the lottery doesn’t send out emails. If you didn’t buy a lottery ticket, it’s impossible to win the lottery in the first place. Unfortunately, it’s not your lucky day, unless you consider your ability to identify a phishing attack as luck.
The Message is Intimidating
The IRS, FBI, CIA or Police will show up at your house before they send you an email. Unsolicited confrontation from federal agencies using scare tactics is not protocol. Our best tip is to ignore these messages, avoid phishing, and go about your day. You probably didn’t do anything wrong.
You’re Asked for Money in the Message
If Suzie in the cube next to yours sends out an email to your team asking you to pay up for your Girl Scout Cookies, and you bought Girl Scout Cookies from Suzie’s daughter, then go ahead and write her a check or use PayPal. However, if you’re told in an email that you owe back taxes and need to pay by this date using this link, then it’s certainly a scam.
Phishing Awareness Can Prevent You from Becoming a Victim
Identification is the most important step you can take to avoid a phishing attack. Most of the responsibility in avoiding phishing attempts falls on the end user, because they are the ones receiving the email.
For an IT department, it’s important to have filters set up to keep phishing emails from ever showing up in an inbox, but unfortunately sophisticated attempts can still find a way through.
Statistics show that 97% of end users are unable to identify a sophisticated phishing email. It’s odds like that that keep spammers going day after day. Train your team on phishing awareness and everything should be just fine.
Another helpful tip is that marketing emails from trusted brands will almost always address customers by name, because they have that information and want to come off as personable. If you’re vaguely referred to as a “valued customer” instead of by name, that may be a red flag.
Don’t always believe what you see. Never give out personal information and double check with the source directly if something seems suspicious. Call your bank. Type the URL shown in the body copy directly into your browser. Taking a few extra minutes to validate an email can save you a headache later.
Get More Tech Tips & News from ThrottleNet
ThrottleNet is a full-service Managed Network provider in St. Louis offering small businesses cost-effective IT solutions without contracts.