One of the most masterful arts of deception that hackers use is the phishing attack, which attempts steal sensitive credentials from unwary victims. The anonymity afforded to criminals on the Internet is what makes this possible. Using phishing attacks, hackers attempt to steal credentials or personal records by forging their identities. What’s the best way to protect your business from these attacks?
Just like any other kind of fishing trip, a hacker will cast out their line by sending emails disguised as legitimate organizations. They then hope that someone will bite–someone who’s willing to provide the requested credentials or information. What a lot of users might not realize is that phishing emails are pretty obvious, if you know what to look for.
Take a Good Look at the Message’s URLs
Many phishing emails try to hide their schemes behind legitimate-looking URLs in the message. Some links will be designed to either direct you to a malicious web page, or execute a download of malicious files. Either way, you don’t want to be caught in this situation, so take a moment to hover over the links (don’t click them) and check to see where they really go. You should see the real destination appear in the bottom-left corner of your web browser.
Does the Message Request Personal Information?
The main goal of a phishing scam is often the obtaining of sensitive credentials or personal information. This includes Social Security numbers, credit card information, usernames, passwords, and so much more. Some of the more elaborate phishing scammers will go out of their way to make it look like they’re someone you know, be it a local bank representative or government official. It’s important to keep in mind that nobody will request your personal information through an email. Large organizations will almost definitely contact you via direct mail before anything else. Never send anyone your sensitive information through email, for any reason.
Does the Message Look Unprofessional?
While the rules of proper spelling and grammar elude a vast majority of people at times, you can generally count on large companies to practice proper communication etiquette with their emails. Therefore, if your inbox is filled with emails from, say, Microsoft, and these messages are full of spelling and grammar errors, it’s safe to assume that it’s not a legitimate email, and you should treat it as a threat.
What Exactly Are They Talking About?
Some phishing scams will act like you’ve won a great prize and need to claim it immediately. An example of this is a message claiming that you’ve won the lottery, and you need to claim the money before it’s too late. Think logically here; if you haven’t entered to win anything, you shouldn’t expect any messages like this. Either way, it’s a safe bet that if the offer is too good to be true, it’s probably just a scam.
Are There Suspicious Attachments?
One of the most common ways that ransomware and other dangerous malware is spread is through documents or files that are attached to phishing emails. These can take any form, but will likely look like a resume, shipping information, or some other document or zip file. If it’s an unexpected document, make sure it goes through the proper channels before downloading it.
In general, the best thing you can do for your business and your employees is educate them about how to avoid phishing scams, and to integrate some kind of spam solution. Contact PACE Technical Services at 905.763.7896 to find out how you can make any dangerous spam and phishing emails a thing of the past.