Phishing 101: Don’t Get Hooked
The most talented cybercriminals are lazy. They want somebody else to do their work for them. Why bother attacking a network, when an employee or executive can open the door by clicking a link in an email?
You use email every day for work, for communicating with family, and for doing ordinary business. Your bank probably emails you an online statement. Your inbox fills up with electric bills and receipts for online purchases.
Email has become one of the easiest avenues for cybercriminals to attack businesses and private individuals through a technique called phishing.
Phishing is an attack that uses email or messaging through a social media platform to trick you into opening a link or an attachment. It can also be used to fool you into entering passwords or personal information on a fake website designed to look legitimate.
For instance, you might get an email that appears to be from your bank, stating that your account has been compromised or suspended. The link might lead to a fake login screen, using the bank logo, where you enter your login credentials and password, providing thieves access to your real bank account.
Protect Yourself from Phishing Attacks
In most cases, just reading an email or message won’t hurt you. For a phishing attack to work, you have to be tricked into performing an action. It’s important to watch for the signs that a message is an attempt at phishing. Here are the most common indicators:
- The email demands immediate action before something happens like closing your account or subjecting you to fines.
- You receive an email that entices you to open an attachment such as a letter from the IRS threatening prosecution or details of unannounced layoffs at your company.
- The email requests sensitive personal information, such as passwords or account numbers.
- The email is supposedly coming from an official organization but uses a personal email address such as @yahoo.com or @gmail.com.
- The email, which is supposed to be from a business or government organization, contains spelling errors or bad grammar.
- The link in the email appears to take you to another site not connected to the organization.
- You receive a message from someone you know, but it does not sound like them and contains a strange link.
When in doubt, delete any email or messages you believe could be phishing attacks. Train your employees regularly on how to spot phishing attempts and test them. It pays to be careful.
Sword & Shield offers Phishing Services, conducted by our expert Managed Security Services analysts in a safe and controlled environment, for businesses to increase awareness. This, in turn, proactively heads off team members falling prey to a real attack. Learn more here or request a free consultation here.