Think Before You Click
Phishing attacks are more commonplace than you might think. Whether the goal is scamming someone into sending payments to fund who knows what or simply spreading malware, phishing is now a reality of doing business; therefore, it's important that you take measures to avoid some of the cleverest tricks in the book. Let's examine some of them.
Phishing attacks arrive in the form of what look like legitimate emails. Cybercriminals use them to trick users into handing over credentials, sharing sensitive information, and downloading malware. Phishing emails are particularly dangerous because they can seem quite real: a phishing attempt for your PayPal information could look just like your everyday PayPal message. To make matters worse, phishing emails instill a sense of urgency in their targets, spurring them to take immediate action to pay an overdue bill or change a supposedly stolen password.
How to Spot a Phishing Attack
Even the best of us can be tricked by phishing scams from time to time, and it’s all because they can take so many different forms. Thankfully, there are plenty of ways you can prepare your team to identify phishing scams. Here are some tips to consider:
- Maintain strong, unique passwords: If your account is ever hacked, then the least you can do is make sure that the password you use for that particular account isn’t used anywhere else.
- Check the email address in the header: Make sure that emails appearing to come from a particular domain are, in fact, coming from that domain. For example, whatshisname from PayPal should have an email address of firstname.lastname@example.org. However, you also need to make sure that emails aren't coming from a subtly altered look-alike domain, such as email@example.com. Of course, you have to be exceptionally careful about any message asking you to click links or submit sensitive information.
- Don't automatically download attachments: Most malware finds its way onto your network through email attachments. If you haven't specifically requested an attachment, you should be more than a little skeptical when one shows up in your inbox. If you have any reason to doubt the authenticity of an attachment, take a moment to reach out to the sender through another channel (a phone call, for instance) and confirm that they actually sent it.
- Look before you click: If the email has a link in it, take a moment to hover your mouse over it before you click. This reveals the link's true destination. Here are some examples of legitimate and suspicious URLs:
  - paypal.com - This is safe. That's PayPal's domain name.
  - paypal.com/activatecard - This is safe. It's just a subpage on PayPal's site.
  - [subdomain].paypal.com - This is safe. A website can put letters and numbers before a dot in its domain name to lead to a specific area of the site. This is called a subdomain.
  - [subdomain].paypal.com/retail - This is safe. This is a subpage on PayPal's subdomain.
  - paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal's domain? That means the domain is actually activecard.net, and paypal.com is merely a subdomain of it. They are trying to trick you.
  - paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and as in the example above, they are trying to trick you by creating a subdomain called paypal.com. They are simply driving you to a subpage that they named secure. This is pretty suspicious.
  - paypal.com/activatecard.tinyurl.com/retail - This is tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL, after PayPal's domain? That means it's not PayPal. Tread carefully!
Of course, all organizations handle domains differently, but these rules above should give you an idea of what to look for in illegitimate addresses.
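The hover check above boils down to two questions: does the link go where its text says it goes, and what is the real domain of the place it goes? The following Python script is an added example, not code from the original post or from CalTech; it runs the post's URL patterns through exactly that check. Assumptions: the owner-controlled ("registrable") domain is taken to be the last two host labels, a simplification that fails for multi-part suffixes such as co.uk, where a real tool would consult the Public Suffix List; the word "example" stands in for the unspecified subdomain label; the TinyURL pattern is modelled as a link whose visible text reads paypal.com/activatecard while its real target, the part hovering reveals, is a constructed tinyurl.com address; every anchor and URL in the script is constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The brand the lure imitates; all of the post's examples use PayPal.
EXPECTED_DOMAIN = "paypal.com"

# Constructed sample links (not taken from any real message). The first
# element is the text the reader sees; the second is the actual href, i.e.
# what hovering over the link reveals. 'example' is a made-up subdomain label.
SAMPLE_LINKS = [
    ("paypal.com", "paypal.com"),
    ("paypal.com/activatecard", "paypal.com/activatecard"),
    ("example.paypal.com", "example.paypal.com"),
    ("example.paypal.com/retail", "example.paypal.com/retail"),
    ("paypal.com.activecard.net", "paypal.com.activecard.net"),
    ("paypal.com.activecardsecure.net/secure",
     "paypal.com.activecardsecure.net/secure"),
    # The TinyURL case: the text looks like PayPal, the target is a shortener.
    ("paypal.com/activatecard", "https://tinyurl.com/retail"),
]

# Constructed HTML anchor, the raw form of the last sample link above.
SAMPLE_ANCHOR = '<a href="https://tinyurl.com/retail">paypal.com/activatecard</a>'

ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a URL.

    The post writes URLs without a scheme; without one urlsplit would treat
    'paypal.com/retail' as a bare path, so a scheme is added when missing.
    """
    if "://" not in url:
        url = "https://" + url
    return urlsplit(url).hostname or ""


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'activecard.net'.

    Simplifying assumption: the owner-controlled name is the last two labels.
    This is wrong for suffixes such as co.uk; a production checker would use
    the Public Suffix List instead.
    """
    labels = [part for part in host.lower().split(".") if part]
    return ".".join(labels[-2:])


def classify(visible_text: str, href: str, expected: str = EXPECTED_DOMAIN) -> str:
    """Classify one link: 'safe', 'mismatch', 'lookalike-subdomain' or 'other-domain'."""
    target_host = host_of(href)
    target_domain = registrable_domain(target_host)
    # Compare against the visible text only when that text is itself a URL;
    # wording such as 'Click here' carries no domain to compare.
    if "." in visible_text:
        shown_domain = registrable_domain(host_of(visible_text))
        if shown_domain != target_domain:
            return "mismatch"  # what is shown is not where the link goes
    if target_domain == expected:
        return "safe"  # the real domain, its subpages and its real subdomains
    if f".{expected}." in f".{target_host}.":
        return "lookalike-subdomain"  # e.g. paypal.com.activecard.net
    return "other-domain"


def parse_anchor(html: str):
    """Extract (href, visible text) from the first <a> tag, or None."""
    match = ANCHOR_RE.search(html)
    if not match:
        return None
    text = re.sub(r"<[^>]+>", "", match.group(2)).strip()  # drop inner tags
    return match.group(1), text


def classify_anchor(html: str) -> str:
    """Run the hover check directly on a raw HTML anchor."""
    parsed = parse_anchor(html)
    if parsed is None:
        return "no-link"
    href, text = parsed
    return classify(text, href)


def audit(links=SAMPLE_LINKS):
    """Return (visible text, href, verdict) for every link."""
    return [(text, href, classify(text, href)) for text, href in links]


if __name__ == "__main__":
    for text, href, verdict in audit():
        print(f"{verdict:20} shown={text!r} target={href!r}")
    print("anchor:", classify_anchor(SAMPLE_ANCHOR))
```

The verdicts line up with the post: the first four links are safe, the two with paypal.com glued in front of another registered name are flagged as look-alike subdomains, and the shortener link is flagged because its visible text and its real target disagree. A "mismatch" is the one case that cannot be spotted without hovering, which is why that habit matters.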
Training your employees to identify these phishing emails will go a long way toward keeping your business secure. CalTech can help you implement solutions designed to limit the threat of phishing attempts and help your employees stay aware of the dangers. To learn more, reach out to us at 877-223-6401 or visit https://www.caltech.com/cyberdefense.