Don’t Be the Catch of the Day - Exploring the World of Phishing Emails
Don’t click in that email! Most people simply don’t have the time to carefully analyze every message in their inbox. Today’s employees are expected to respond to emails immediately, prioritize needs and expectations of the senders, and organize their inbox to create some structure and consistency in the day to day work. But it is imperative to protect oneself and one’s organization from one of the most common forms of cyber-attacks - Phishing.
Phishing emails are the basic attempts of scammers to trick the user into either clicking a malicious link or entering confidential information that can be used to carry out fraudulent activity. A link can provide access to hackers, and before you know it – your company’s data is locked with Ransomware. An employee entering sensitive information in a form on an email can give hackers unfettered access to private employee and client information and they can use it at their whim. Often, hackers will disguise their email address and name as an employee or high-level executive at the company so the users mistakenly believe that they are dealing with someone they know and trust.
Phishing is one of the easiest forms of attack from cyber criminals, and email is the most common method of performing these attacks. Scammers aim to target unaware users who don’t think twice about revealing login and password information, personal and/or private data, financial data such as credit card details, banking credentials, and much more.
Some specially crafted emails can be designed to look like an update from your bank, and could relate to any one of your online accounts. These emails could also seem like you ordered something online and they need to verify credit card information. These hackers usually target staff in the financial or human resources department of a business. They often copy the format of the organization that the scammer pretends to represent. They will also take you to a fake website that looks like a real one but has slightly different address.
If the user clicks on a link in a phishing email, they are usually redirected to a fake version of a legitimate website that you are trying to visit. A similarly popular method to phishing is pharming, which is done by infecting a user’s computer with malware which takes the user to the fake site, even if they type the real address or click on the bookmarked link.
How to spot a phishing email
- You receive an email asking you to update or verify your information.
- The text does not address you by your proper name.
- The text may contain typos and/or grammatical errors.
- When you hover over the sender’s email address, the email address that pops up looks different.
- The email urges you to act immediately
How to protect your employees and your business from phishing!
- Encourage your users to think before they click.
- Be sure to look closely at emails before clicking any links or download any attachments.
- Visit the source directly rather than clicking the link in an email.
- Examine the website links and logos in suspicious emails you receive.
- Hover over the sender’s email address that resemble authentic company email address.
- Send any suspicious looking emails to your Managed IT Services Provider or your IT Department
- Alert your Managed IT Services Provider or IT Department immediately if you suspect you have clicked or responded to a phishing email.
- Training is an effective way to educate your staff about the various methods cyber criminals use to steal data. Teaching employees what to do when it comes to a phishing email will protect your organization from malicious attacks.
Want to learn more about ways to protect your business against Phishing attacks? Receive a free consultation from BlackPoint IT today at 866.575.9512 or fill out our contact form and we'll call you.