Aniar IT Services Blog

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
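
The host check described above can be automated. The following is an added example, not code from the original article, that parses a link and compares its registrable domain with the one the email claims to come from, run on the host-based examples from the list. The helper names are hypothetical, and it assumes the registrable domain is the last two labels of the host.

```javascript
// Added example (not from the original article). Assumption: the registrable
// domain is the last two host labels, which holds for .com and .net but not
// for suffixes such as .co.uk; real tooling should use the Public Suffix List.
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// classifyLink is a hypothetical helper name. It returns the host the link
// really points at and a verdict relative to the domain the email claims.
function classifyLink(link, expectedDomain) {
  // The article writes links without a scheme; add one so the URL parser
  // can separate the host from the path.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link);
  let url;
  try {
    url = new URL(hasScheme ? link : "https://" + link);
  } catch {
    return { host: null, domain: null, verdict: "unparseable" };
  }
  const host = url.hostname;
  const domain = registrableDomain(host);
  const expected = expectedDomain.toLowerCase();
  let verdict = "other";
  if (domain === expected) {
    verdict = "match"; // the expected domain itself or one of its subdomains
  } else if (("." + host + ".").includes("." + expected + ".")) {
    verdict = "lookalike"; // expected name used as subdomain labels of another domain
  }
  return { host, domain, verdict };
}

// Host-based examples copied from the list above.
const samples = [
  "Paypal.com",
  "Paypal.com/activatecard",
  "Business.paypal.com",
  "Business.paypal.com/retail",
  "Paypal.com.activecard.net",
  "Paypal.com.activecardsecure.net/secure",
];

for (const link of samples) {
  const r = classifyLink(link, "paypal.com");
  console.log(`${link} -> ${r.domain} (${r.verdict})`);
}
```

A mail gateway or reporting add-in could apply the same comparison to the link target rather than to the text the email displays.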

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Aniar IT Services. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.
