Phishing emails have been around nearly as long as email itself. Once criminals saw that they could make their way into someone’s inbox and trick them to click on a malicious link or download a virus-laden attachment, it quickly became the number one cause of data breaches (and still is).
The human equivalent of phishing, would be something like running into someone you know at work, they tell you they’ve got something urgent they need you to do right away, then you only later find out it was an android disguised as your friend and they just tricked you into giving them the keys to your house.
Phishing is designed to trick the user and often it’s nearly impossible to tell the difference between a real email from a legitimate company and a fake one at first glance. But there are some telltale signs of phishing and knowing those can help you avoid an infected network and data breach.
45% of network infections are due to human error.
When helping our clients with on-demand IT support Riverside CA and virus removal, our Neuron Computers techs often find that the culprit of an infection that could be a potential ransomware attack was a phishing email that tricked one of their employees into downloading something dangerous onto their system, which quickly attacked the whole network their device was connected to.
Education and vigilance are the keys to thwarting phishing attacks. It’s important to know the tricks that these attackers use in order spot the fakes in the sea of other legitimate emails in your inbox.
Some of the tactics employed in phishing attacks are:
Because phishing is considered more “low tech” than a hack into a network directly, some companies make the mistake of not putting enough emphasis on phishing awareness training.
But some of the most high-profile network breaches have happened due to fake fishing emails tricking a user into inviting a malicious agent into their system accidentally (like the hacked DNC server back in 2016). Even tech giants like Facebook and Google have been scammed out of millions from phishing attacks.
It’s a good idea to hover over any link in any email before you click it to make sure it’s taking you to a legitimate place. Hackers will often use text that looks legitimate, but the hyperlink actually is going to a malicious website.
If you hover over the link with your cursor without clicking on it, the true URL will reveal itself in a popup. Check out the example below which is designed to look like an AT&T billing email. It looks completely legitimate, but when the link text “right here” is hovered over, the URL is definitely NOT one from AT&T!
You can often spot a phishing email if it contains an attachment that is known to have the ability to infect your system. Some are easier to spot than others because legitimate emails don’t normally attach these file types, such as:
More common file types, but ones that have the ability to contain malware are:
It’s a good idea to have an email security software that scans any attachments for malicious code before they’re opened.
Scammers will often use emotions to get you to react. Such as threatening deactivation of your account if you don’t click a link to update your information immediately. Be suspicious of any emails with threats like this used to get to you take action before fully evaluating the email. Locking down your profile logins will help.
The “From” address might say “UPS Support” but if you click to reveal the message source code or headers, you find it’s not coming from UPS at all. Take time to reveal the code behind the message to see if the email address being used is legitimate.
While scammers have definitely become more sophisticated in creating believable phishing emails, there are still plenty of them out there that are lazy. Poor grammar and misspelled words are a dead giveaway of a phishing email.
A common phishing scam is to make an offer of a purchase order to your company, but first you need to login to their website to download the PO. The catch is that they ask you to login using your email username and password. Which of course is just their way of stealing your credentials (which, if you’re like many, you use in other logins too).
Any website would have no way of already knowing that information, thus couldn’t set up a legitimate site using your email and PW as a login.
Any type of data breach is costly to an organization. Are you sure your network security is rock solid? We can help with a FREE 21-Point Cyber Security Audit that lets you know if you have any weak spots.
Contact Neuron Computers today to schedule your free audit. Call 1-833-4-NEURON or sign up online.