
Aniar IT Services Blog


Think Before You Click: Spotting a Phishing Attempt


We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you get an email that looks like a legitimate email but isn’t. The cybercriminal’s goal is to trick you into giving them a password or access to an account (like PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb: don’t trust dots that come after the domain you expect the link to go to.
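The sender check and the hover check described above can be automated with the same domain comparison. The following is an added example, not code from the original article: it runs the article's seven link examples through a standard URL parser and applies the same test to a From header. The function names, the short TLD list in the path heuristic, and the sample From header are assumptions made for illustration. Note that a URL parser reports paypal.com as the host of the last example, so that one is flagged by the rule of thumb (a second domain after the expected one) rather than by a host mismatch.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Heuristic: a host-like token ("name.tld") sitting inside the URL path.
EMBEDDED_HOST = re.compile(r"(?:[a-z0-9-]+\.)+(?:com|net|org|info|io|co)\b", re.I)

# The seven link examples listed in the article.
ARTICLE_LINKS = [
    "Paypal.com",
    "Paypal.com/activatecard",
    "Business.paypal.com",
    "Business.paypal.com/retail",
    "Paypal.com.activecard.net",
    "Paypal.com.activecardsecure.net/secure",
    "Paypal.com/activatecard.tinyurl.com/retail",
]

def belongs_to(host, expected_domain):
    """True if host is expected_domain itself or one of its subdomains."""
    host = host.rstrip(".").lower()
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)

def check_sender(from_header, expected_domain):
    """Judge the real address in a From header, ignoring the display name."""
    _display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    return bool(domain) and belongs_to(domain, expected_domain)

def classify_link(url, expected_domain):
    """Return (verdict, host) for a link that claims to go to expected_domain."""
    if "://" not in url:
        url = "https://" + url  # the article's examples omit the scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not belongs_to(host, expected_domain):
        return ("mismatch", host)
    if EMBEDDED_HOST.search(parts.path):
        return ("suspicious-path", host)  # right host, second domain in the path
    return ("match", host)

if __name__ == "__main__":
    for link in ARTICLE_LINKS:
        print(link, classify_link(link, "paypal.com"))
    # Constructed From header, not taken from the article.
    print(check_sender("PayPal <service@paypal.com.example.net>", "paypal.com"))
```

A "match" verdict only means the link or sender passes this one comparison; the path heuristic will also flag some harmless URLs, so treat its output as a prompt to look closer.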

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Aniar IT Services. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.
