Cyber Security Awareness Training Series – Part I – Email (Phishing)
What Is Phishing?
If someone wanted to catch their own seafood dinner, they would set some bait on the hook, cast it into the wide ocean, and hope that they could trick a fish into biting what it thinks is just something to eat. If someone wants to distribute malware or steal personal information, they might send out an email with bait that looks like something worthwhile and cast it to a wide audience, intentionally deceiving people by posing as a legitimate company, service or individual. Criminals typically use email to pretend to be a company or service and request that you do something, usually urgently. They are hoping that you then click the link and fill out the requested information. Once they have this information, they may be able to use it in the future to steal your identity or access your accounts.
What Is Spear Phishing?
An even more direct and targeted method is called spear phishing. Instead of going after many victims for a small reward, the criminal goes after an individual or a small number of high-value victims. This method uses information tied to your company or to you personally, gathered from research on social media or elsewhere. Email addresses and links look very close to those of a colleague or business partner, and corporate or partner logos are used to look authentic. The goal is typically to get access to a system by gathering your credentials or to install malware on your computer.
So, what should you be looking out for with phishing emails?
Well, first, look at the sender! Is it actually who it claims to be? It may say it’s from PayPal, but when you look at the domain name (for example firstname.lastname@example.org), the part after the @ symbol, it has nothing to do with PayPal at all. Did you notice the extra “L” in paypall.com? Another tell is grammatical or spelling errors contained in the email.
Finally, if you mouse over the login link at the bottom, you’ll notice that it does not say paypal.com. These tells reveal that this email is not from the real PayPal. Usually, the tells are fairly easy to spot when you know what to look for, but sometimes they’re much more subtle, maybe only off by a letter or two or just inverted. The safest practice is to never click on a link in an email but instead to go directly to the site by typing in the URL, clicking on the link in your favorites, or performing a search for the organization.
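The sender and link checks described above can also be run automatically over a message. The following is an added example, not part of the original article: it flags sender and link domains that are one or two edits (including two swapped letters) away from paypal.com. The sample message, the papyal.com link and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "paypal.com"  # domain the message claims to be from

# Constructed sample message; addresses and links are illustrative only.
SAMPLE = '''From: "PayPal Service" <service@paypall.com>
Subject: Urgent: confirm your account
Content-Type: text/html

<p>Your acount has been limited.</p>
<a href="http://www.papyal.com/login">Log in to paypal.com</a>
<a href="https://www.paypal.com/help">Help</a>
'''

def osa_distance(a, b):
    """Edits (insert, delete, substitute, swap of neighbours) to turn a into b."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two adjacent letters swapped ("inverted") counts as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' (one or two edits away) or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    # Assumption: the last two labels are the registered domain (no public-suffix list).
    base = ".".join(domain.split(".")[-2:])
    return "lookalike" if osa_distance(base, trusted) <= 2 else "unrelated"

def check_email(raw, trusted=TRUSTED):
    """List (where, domain, verdict) for each sender or link domain that is not trusted."""
    msg = message_from_string(raw)
    found = [("sender", parseaddr(msg["From"])[1].rpartition("@")[2])]
    # The real destination is the href value, not the text shown for the link.
    found += [("link", h) for h in re.findall(r'href="https?://([^/":]+)', msg.get_payload())]
    return [(w, d, classify(d, trusted)) for w, d in found if classify(d, trusted) != "trusted"]

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print(finding)
```

A lookalike verdict is a reason to stop and verify through another channel; a trusted verdict alone does not prove the message is genuine, since sender addresses can be forged.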
Some of the top tips to avoid phishing are:
Check who the email sender really is!
If you have any doubt and the email looks fishy, try to contact the sender by phone or text message and confirm if they sent the email. Do NOT reply to the email!
Check the email for grammar and spelling mistakes.
Double-check the email sender’s address by hovering the mouse over the sender’s name or double-clicking on it to open a pop up that reveals the full address. Look for any suspicious typos or misspellings. Make sure the address is true and complete.
Check the links in the email carefully
Contact your IT department
Seek expert advice