Cyber security tools have gotten much better at blocking things like viruses, trojans, worms and hackers from getting access to your information, so much so that cyber criminals have changed their M.O. to target the next weakest link in cybersecurity: YOU, the user.
Cyber criminals understand our human nature can itself be hacked, and they know how to do it.
Knowing how to protect your personal information and your business information is critical. Not only do phishing attempts put your company at risk, they also put your personal information at risk.
Although the threat landscape is ever-evolving with new tricks, hacks and techniques, these simple rules should help you identify the most common threats and prevent your personal information and your company from being compromised.
HOW DO PHISHING ATTACKS WORK?
The purpose of a phishing email is to gain access to your personal information and your company’s network by tricking you into clicking a link, downloading an attachment, or logging in to a fraudulent website, any of which will grant the attackers access to your computer or smartphone.
Although these emails will look very close to their legitimate counterparts, there are a few key details you should know to look for that will set off red flags.
1.) CONFIRM WHO SENT IT
If you get an unexpected or urgent-seeming email from what looks like a trusted company, make sure the “From:” email address is what you were expecting and is spelled correctly. When in doubt, search your inbox for previous emails to double check, or paste the incoming email address into a search engine. If the email is legitimate, you will find it on the company's website.
On the other hand, scammers will often use the same or similar fraudulent email addresses for the same campaigns, and you might be lucky enough to find that someone else has already listed it as spam or a phishing email.
There are also free resources online: VerifyEmailAddress.org to check if an email address is valid, PhishTank.com to check if it has been reported to be used in a scam, and Scammed.by to see what scams have been associated with that email.
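The "spelled correctly" check from this rule can be automated. The sketch below is an added example, not part of the original article: it compares the domain in a "From:" header against domains seen in previous emails and flags near-misses. The domain list, sample headers and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains taken from previous, legitimate emails in your inbox (constructed).
KNOWN_DOMAINS = {"example.com", "billing.example.org"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, known=KNOWN_DOMAINS, max_edits: int = 2):
    """Return (verdict, sender_domain, closest_known_domain_or_None)."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in known:
        return ("known", domain, domain)
    # A domain only a couple of edits away from a known one is a likely misspelling.
    closest = min(sorted(known), key=lambda k: edit_distance(domain, k))
    if edit_distance(domain, closest) <= max_edits:
        return ("lookalike", domain, closest)
    return ("unfamiliar", domain, None)

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ['"Example Support" <help@example.com>',
                   '"Example Support" <help@examp1e.com>',
                   'Prize Team <winner@free-vacation.test>']:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is the strongest warning sign here: the display name can say anything, so the check looks only at the address itself.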
2.) DON’T MAKE QUICK DECISIONS
If the message of the email is something very urgent or unsettling and asks you to visit the link they provide, be very suspicious. Many scammers will try to play on your emotions to get you to act without thinking.
These can range from emails claiming that you've won a prize or a "Free" vacation to threats like an audit, account termination, or account renewal.
3.) CHECK THE WORDING
Are there spelling, grammar or syntax mistakes? Large companies and organizations have people on staff to review materials before they're sent to make sure spelling and grammar are good. The scammers creating phishing emails do not, and often are not primarily English speaking. For these reasons it is always a good idea to review emails for these errors to determine the legitimacy of an email communication, especially if it is asking for information, or for you to click a link or download a file.
Do they address you with a vague greeting like "Mr/Mrs" or "Dear Sir or Madam" or "To Whom It May Concern"? Unless this is a message you're expecting and the tone is appropriate for the context, treat this as a warning sign. Most legitimate organizations know their audience, and will customize their greeting to either identify you by your first and/or last name or username, or will have a greeting that specifically identifies you as their customer.
4.) CHECK LINKS BEFORE YOU CLICK
If the previous rules don’t give you reason to dismiss the email as a phishing attack, a sure-fire way is to check the destination of any link they are directing you to. By hovering your mouse over a link you can check the destination it will send you to (on most mobile phones you can press and hold on the link to see the destination).
What you want to look out for is links that contain misspelled or improper URLs like support-apple.io, when you are expecting the official address of a trusted entity. These unofficial websites are usually designed to trick you into providing cyber criminals with your login information, or to secretly download malware onto your device.
When in doubt, it is always best to go to the official website directly, or by using a search engine.
5.) BEWARE OF ATTACHMENTS
Another common method cybercriminals are using to gain access to your computer is through attaching malicious files disguised as resumes, invoices, product catalogs and more.
The malicious files can hide within ZIP files, Word documents, Excel files, and even PDFs, which, once downloaded, will run a program that allows the attacker remote access to your machine.
Known as Remote Access Trojans or RATs, these programs provide cybercriminals with unlimited access to infected computers. Using your access privileges, they can access and steal sensitive business and personal data including intellectual property, personally identifiable information, saved passwords, and emails.