Lately, we have noticed an increase in phishing scams coming to our clients' email inboxes and spam filters. With these attempted attacks on our customers, and the increase of security breaches in the news, we thought it would be a great time to review what you should be looking for in phishing emails.
First, let's define "Phishing."
Phishing refers to email messages, websites, and phone calls designed to steal money or sensitive information. Cybercriminals can do this by installing malicious software on your computer, tricking you into giving them sensitive information, or outright stealing personal information off of your computer.
How To Spot A Potential Attack
1. ALL CAPITAL LETTERS
Many times, a phishing attempt will try to get your attention by using all capital letters, especially in the subject line. This is to make you think that the email is of high importance when, in fact, it's an attempt to get you to click a link or download an attachment to your machine.
If you open one of these messages, be sure to exit out immediately, without clicking any links or attachments.
2. Blank "To:" and "CC:" Fields
Another easy giveaway that the email you received is a phishing scam is if the 'To:' and 'CC:' fields are blank. This means the message was not sent to just you, but to a whole list of possible victims of the attack. It's easier for hackers to get "better results" by sending out to a large number of people. In this case, the attacker entered the list into the 'BCC:' field so that the individuals receiving the message cannot see all the potential victims of the attack.
If you notice an email with a blank 'To:' field, delete it immediately. As stated before, do not click any links or open any files that are attached to the message.
3. Questionable Link Destinations
A popular way for hackers to get the information and/or access they want is to include a link for an unaware user to click. These links either download some sort of malware onto your machine, or send you to a page where they ask you to provide personal information, such as your social security number or bank account info.
A good way to tell if a link is legitimate is to hover over it with your cursor and see where the link takes you. If the website looks unfamiliar or does not match where the email says it should be going, then DO NOT click! An example would be if you received an email from Verizon to pay a bill but the link to click takes you to a domain that does not appear to be for Verizon. If you see an email like this, exit immediately and follow up with your network administrator to validate its authenticity.
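For administrators who want to automate the three checks above in a mail filter, here is an added Python example (not part of the original article). The names LinkCollector, base_domain and phishing_indicators are hypothetical, the sample message is constructed, and treating a link whose domain differs from the sender's domain as suspicious is a heuristic assumption that will also flag some legitimate mail.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Assumption: last two labels name the owner; real filters use the Public Suffix List.
    return ".".join((host or "").lower().split(".")[-2:])

def phishing_indicators(raw_message):
    """Return the indicators from the article that are present in one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    letters = [c for c in msg.get("Subject", "") if c.isalpha()]
    if len(letters) >= 5 and all(c.isupper() for c in letters):
        found.append("all-caps subject")
    if not any((msg.get(h) or "").strip() for h in ("To", "Cc")):
        found.append("blank To and CC")
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = base_domain(addrs[0].domain) if addrs else ""
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = base_domain(urlparse(href).hostname)
            if target and target != sender:
                found.append(f"link '{text}' goes to {target}, not {sender}")
    return found

# Constructed sample message; example.com and example.net are reserved names.
SAMPLE = ("From: Billing <billing@example.com>\nSubject: URGENT ACTION REQUIRED\n"
          "Content-Type: text/html\n\n"
          '<a href="http://pay.example.net/login">Pay at example.com</a>\n')
```

Calling phishing_indicators(SAMPLE) reports all three indicators; a message with a filled-in 'To:' field, a normal subject line and links to the sender's own domain returns an empty list.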
Worried Your Organization May Be Prone To Phishing Scams?
With the rise of cyber attacks and phishing scams on thousands of businesses, now is a good time to review your current security policies with an expert. XPERTECHS wants to help prevent companies from suffering from the crippling after-effects of a cyber security breach. That is why we are offering a no-obligation Security Audit to see if there are any vulnerabilities in your IT network's security.
To take advantage of this no-obligation audit or to discuss your security policies, give us a call today at 410-884-0225.