What is phishing?
Phishing is when someone sends an email or text message pretending to be from a trustworthy organization in an attempt to obtain private data, such as your login credentials, banking details, or other sensitive information. In other words, phishing is a modern type of scam.
Cybercriminals send out thousands of emails and texts in the hopes of tricking people into sharing their personal information or sending money. Unfortunately, it works. But the good news is there are ways to identify phishing and protect yourself and your organization.
How can I identify phishing?
Let’s use the following phishing email as a reference.
Review the email address the message was sent from.
In many cases, the email address will look completely bogus, like a series of letters and numbers. In the example above, the sender is posing as PayPal, yet the email address is a smorgasbord of characters – a sure sign of a phishing email. The name of the account itself appears as service@paypa|.com, which is another indication of the email being a scam.
Scrutinize the greeting and sign off.
Phishing emails may be generic and not properly addressed. Instead of having a formal greeting like “Hello Roger Miranda,” it may say “Dear user,” or may not have a greeting at all.
A legitimate organization like PayPal will always include your full name in the email. Organizations will also have their logo, branding, and boilerplate message at the bottom which typically include links to their social media accounts and privacy statement.
Be wary of what the sender is asking of you.
Scammers use a sense of urgency to get you to act. In the fraudulent email above, the sender claims my PayPal account has been temporarily restricted because of suspicious activity. A classic hook. The email then asks me to log in to “PayPal” and follow the steps requested, but this is all a ruse.
If I were to click on the link and log in, I would be handing my credentials over to a stranger who would then be able to access the banking and credit card information on my PayPal account.
Other common claims in phishing emails are that there’s a problem with your payment information, your personal information needs to be verified, or that you need to submit payment. When in doubt, do not click any links in the email. Instead, go to the company’s website and log in directly to see if there are any issues.
What are ways to protect against phishing?
Get security training for your staff. Having a human firewall is your organization’s best defense against phishing attacks. A 3rd party security awareness trainer can teach your staff the ins and outs of phishing emails and prevent them from being tricked.
Update your software. Make sure you allow your computer and smartphone software to update automatically so they have the latest security protections.
Set up multi-factor authentication. Multi-factor authentication (MFA) is a process in which a user is granted access to a website or application only after providing multiple forms of verification to prove the user’s identity. Setting up MFA will add an extra layer of security and make it more difficult for scammers to get into your account.
Install a phishing filter. These are available for both your web browser and email application. While they won’t keep out 100% of phishing emails, they will reduce the number of phishing attempts you receive.
If you or your organization would like further guidance on how to deal with phishing, contact Evident IT via our online form or call us at 204-282-9500.