Phishing Attacks are on the Rise! How to Spot a Sophisticated Phishing Attack
What is phishing? In terms of cyber security, when we talk about phishing, we aren’t talking about spending hours on a lake trying to snag the biggest bite. It’s much more sinister than that.
Phishing is a type of social engineering attack used to steal a user’s data, often including login credentials and credit card numbers.
It occurs when an attacker – pretending to be a trusted entity – tricks a victim into opening an email, instant message, or text message, opening an attachment, or entering their credentials into a fake login page.
Why is this important? Because phishing attacks remain on the rise, year after year. According to Statista.com, almost 350 billion emails are estimated to be sent daily in 2022. What is really shocking with this stat is that over half of all emails sent contain some sort of malware, ransomware, spyware, etc.
Email phishing remains a top security threat. Now more than ever, phishing attacks are even harder to spot. Cyber thieves are using information that companies have gathered on you by means of the Dark Web, and they’re using social media to personalize their attacks against you, your customers and your business.
Just like it is recommended that you take at least 20 seconds to wash your hands to avoid germs, we recommend you take at least 20 seconds to review each email to avoid falling victim to a phishing scam. We call this Good Email Hygiene.
It’s obviously important to have good email hygiene! But it is a lot easier said than done. So, how can we have good email hygiene?
Here are seven ways you can protect yourself from phishing scams:
WATCH FOR OVERLY GENERIC CONTENT AND GREETINGS
Look for examples like “Dear valued customer, Dear id number, dear sir, hello madam.” Any of these greetings is a sign of a cyber attack because hackers like to send a batch of thousands of emails at a time. They can buy these huge email lists from the dark web, and they just don’t have the patience or even the need to learn everyone’s names, especially when they can have the same success without as much detail.
EXAMINE THE ENTIRE FROM EMAIL ADDRESS
The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain. An example of this: we are all shopping from home now more than ever before on sites like Amazon. As we know, Amazon sends notification emails as your purchase is being processed, and the hackers know this as well. They imitate Amazon emails all the time, but you can tell it’s a phishing scam simply by checking the from address for a misplaced letter in the domain.
LOOK FOR URGENCY OR DEMANDING ACTIONS
Phrases like “You’ve won! Click here to redeem prize,” or “We have your browser history pay now or we are telling your boss.” With phrases like these, the hackers are basically trying to trick you right away. They’re trying to create a sense of panic because the longer you look at the email, the more likely you’ll be able to figure out that it’s a scam.
CAREFULLY CHECK ALL LINKS
Mouse over the link and see if the destination matches where the email implies you will be taken. The actual URL will either pop up as you are hovering or display at the bottom left corner of your screen. If you are not familiar with the URL, do not click it.
NOTICE MISSPELLINGS, INCORRECT GRAMMAR, & ODD PHRASING
It’s no longer a case of a hacker not knowing proper English with all these spelling mistakes in their scam emails. It’s actually about the email spam filters. Microsoft, Google, Apple, they all do a great job catching most phishing scams, but the ones with spelling errors tend to slip through because the filters see mistakes as a sign it was made by a human.
CHECK FOR SECURE WEBSITES
Any webpage where you enter personal information should have a URL that starts with https://. The “s” stands for secure. If a URL has HTTPS, any information entered into the website is encrypted. If there are any hackers lurking on that website, they won’t know what’s being written because of the encryption. If you’re on a website that has only HTTP, any and all information entered is sent in plain text, meaning no encryption.
DON’T CLICK ON ATTACHMENTS RIGHT AWAY
Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the Schedule I promised.” Never click on an attachment from an unknown or unreliable source, especially if you are not expecting one. If you do, you run the risk of having malware installed on your device. If it is possible that the email is legitimate, check with the sender directly by different means to confirm they sent you an attachment before opening it.
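The from-address and link checks described above, as an added Python example that is not part of the original article: it flags a sender domain that is within two characters of a trusted one, and any link whose visible URL differs from its real destination. The trusted list, the sample message and every domain in it are constructed assumptions.

```python
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"shop.example"}  # assumption: domains you expect mail from
URLISH = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:?#]\S*)?", re.I)
# Constructed sample message (reserved .example/.test names), not a real email.
SAMPLE = """\
From: Shop Orders <order-update@sh0p.example>

<p>Dear valued customer: <a href="http://shop.example.verify.test/login">https://shop.example/orders</a></p>
"""

def edit_distance(a, b):
    # Levenshtein distance: counts swapped, missing or extra characters.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False  # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def review(raw):
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = [f"sender domain {sender} resembles {good}" for good in sorted(TRUSTED)
                if 0 < edit_distance(sender, good) <= 2 and not sender.endswith("." + good)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        # Only compare when the visible text itself looks like a URL (exact host match).
        shown, actual = URLISH.fullmatch(text.strip()), urlparse(href).hostname
        if shown and actual and shown.group(1).lower() != actual:
            findings.append(f"link shows {shown.group(1)} but goes to {actual}")
    return findings
```

Calling `review(SAMPLE)` returns one finding for the look-alike sender and one for the mismatched link; a message from the trusted domain with matching links returns an empty list.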
Want to get your business started on the path to better cyber resilience? Contact us about our Managed Services to find out about our best Cyber Security Solutions!