Phishing is a type of online scam where criminals send emails masquerading as a legitimate entity and attempt to acquire sensitive information such as usernames, passwords and credit card details.
There are many different phishing techniques used by cybercriminals today to obtain sensitive information. A common technique is an email that includes a link that appears to take you to the company's website to fill in your information, but the website is a malicious fake and the cybercriminal records all information you provide.
How to Spot the Scam
1. Watch for Overly Generic Content and Greetings
Cyber criminals will send a large batch of emails. Look for examples like "Dear valued customer."
2. Examine the Entire from Email Address
The first part of the email address may be legitimate, but the last part might be off by letter or may include a number in the usual domain.
3. Look for Urgency or Demanding Actions
"You've won! Click here to redeem prize," or "We have your browser history pay now or we are telling your boss."
4. Carefully Check All Links
Mouse over the link and see if the links destination matches where the email implies you will be taken.
5. Notice Misspellings, Incorrect Grammar, & Odd Phrasing
This might be deliberate attempt to bypass spam filters.
6. Check for Secure Websites
Any webpage where you enter personal information should have a URL with https://. The "s" stands for secure.
Additional Tips to Stay Safe
1. Don't Click on Attachments or Links
Virus containing attachments might have an intriguing message encouraging you to open them such as "Here is the schedule I promised." Don't click on anything until you know the email is legitimate. Links and attachments can lead you to malicious websites or install harmful malware to your device.
2. Contact the Source Directly
Contact the company or person directly using a phone number or website URL you know is correct. Use a search engine to look up the website or phone number for the company or person who is contacting you. Do not use or click on the information in the email to contact the source.
3. Phishing Isn't Limited to Email
Even if you successfully identify phishing attempts in your work inbox, it does not mean you are safe from other forms of phishing. Hackers regular compromise social media accounts to send out malicious links, which can be especially dangerous if you use these platforms on your work devices.
4. Cybersecurity Awareness Training
One of the most effective measures you can take to protect your business and your bottom line is to train your employees and yourself in cybersecurity awareness. Employees that are trained to recognize the signs of phishing attacks become your organization's best line of defense against cybercriminals.
Aligned Technology Solutions is here to help! We offer a comprehensive cybersecurity awareness training solution that can simulate phishing attacks and provide video-based training campaigns to educate employees who may need it.
Contact us today for a free security consultation to discuss what type of solution would be best for your business.