The world would be safer if we could all sit down to check our e-mails without facing an attempt to steal valuable information. The criminals behind these attempts have become so crafty at what they do that many victims do not even know that they have been taken until it is far too late. Worst of all, it is extremely difficult to track these bad actors down. Thus, the only defense is to learn what their theft attempts look like and avoid becoming a victim ourselves. One of the main tactics that hackers use today is known as phishing.
The term phishing might conjure images of a peaceful day at the lake baiting hooks and casually enjoying the weekend. However, phishing in the sense of technology is certainly no casual matter. The Merriam-Webster dictionary gives this broad but instructive definition of phishing:
A scam by which an Internet user is duped (as by a deceptive email message) into revealing personal or confidential information which the scammer can use illicitly
It is necessary to keep the definition as broad as possible because phishing attempts come in many variations. The ones that are in use today could well be rotated out for more sophisticated attempts tomorrow.
Phishing attempts often show up as e-mails that are disguised to look like legitimate correspondence. The people behind them will attempt to make them appear just like any other e-mail in order to get the recipient to open it and hopefully click on the links contained within. As soon as the victim clicks on those links, they are exposing themselves to a compromise that could cost them dearly.
It is easy to think of phishing as just one Internet scam among many that doesn’t deserve any special attention. However, that is just not the case. It turns out that roughly 90% of the scams on the Internet from last year began as a phishing attempt of some kind.
The public often believes that they won’t be targeted for a phishing attempt, but that is also a delusion. Even someone as sophisticated and educated as senior campaign manager John Podesta was the victim of a phishing attempt when he ran the 2016 Presidential campaign of Secretary Hillary Clinton. One would assume that security around e-mails and everything else would be at the highest levels in such a setting, but even then someone can be victimized.
The sheer dominance of phishing as the primary way that hackers and other malicious actors steal information is why it should be given special attention and priority as far as prevention is concerned.
Preventing a phishing attempt means knowing what the tell-tale signs of one look like. Knowing a few universal truths about phishing attempts is helpful to avoid falling for their allure. The following are some of the things that can be spotted in most or all phishing attempts:
A Call for Action
A phishing e-mail will always have some kind of call for action contained within it. This is because every hacker needs their victim to do something so that they gain access to the information. The call for action usually takes the form of an embedded link in the e-mail. Another common ploy is a claim that a password has been compromised, so that the victim enters their password again. Of course, this is nothing more than an attempt by the hacker to steal that valuable information.
Issues With the E-Mail Header
A big giveaway of a phishing e-mail is that it is likely to be from an unknown source or to have some other issue with the e-mail header. Many of us naturally look past the header in order to get to the body of the e-mail. This simple oversight allows hackers to continue to do what they do so effectively. It is worthwhile to stop and examine the header closely before proceeding to take any action on the e-mail. The e-mail needs to be coming from a trusted source. In addition, the spelling of the e-mail address should be correct before trusting that the e-mail is legitimate. If there are any issues with either of those two components, then it is worth pumping the brakes and investigating the e-mail more closely.
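One way to automate the header check described above, as an added example that is not part of the original article: it flags a sender domain that is untrusted or a near-miss spelling of a trusted one, and a Reply-To that points somewhere else. The trusted-domain list, the Reply-To check and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization accepts as trusted senders (placeholders).
TRUSTED_DOMAINS = {"example.com", "payroll.example.com"}

# Constructed sample messages, not real mail.
SAMPLE_SPOOFED = (
    'From: "IT Support" <helpdesk@examp1e.com>\n'
    "Reply-To: reset@mail-collect.test\n"
    "Subject: Your password has expired\n\nClick the link to reset.\n"
)
SAMPLE_OK = (
    "From: Payroll <noreply@payroll.example.com>\n"
    "Subject: Payslip available\n\nLog in as usual.\n"
)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value) -> str:
    """Lower-cased domain of the address in a header, or '' if none parses."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_findings(raw: str) -> list[str]:
    """Return human-readable reasons to distrust the message headers."""
    msg = message_from_string(raw)
    sender = domain_of(msg.get("From"))
    if not sender:
        return ["From header has no parsable address"]
    findings = []
    if sender not in TRUSTED_DOMAINS:
        near = sorted(d for d in TRUSTED_DOMAINS if edit_distance(sender, d) <= 2)
        if near:
            findings.append(f"sender domain {sender} is a near-miss spelling of {near[0]}")
        else:
            findings.append(f"sender domain {sender} is not a trusted source")
    reply = domain_of(msg.get("Reply-To"))
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    return findings
```

A clean result only means these two header checks passed; the body checks described next still apply.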
Body of the E-Mail
Alarm bells should go off if the e-mail contains an unusual request from the sender. Is it typical for your boss to send you an e-mail asking you to change a password? Probably not. Speak with your boss (or whoever the alleged sender is) in person before responding to the e-mail. Look over the body of the e-mail for other issues as well, such as grammatical errors. Generally, those are signs that a translation program was used to write the e-mail. Many phishing scams originate from outside the United States, and these could be big signs that there is a problem.
Any e-mail suspected of being a phishing attempt is something worth reporting to the proper individuals within the company or organization. There are IT experts on staff at most major companies and even at many small businesses and non-profits. They are likely to have the most authoritative answer about any given e-mail and if it is dangerous or not. One important thing to remember is to NEVER forward a suspicious e-mail to anyone. This allows the potentially dangerous content to bounce around the system even longer and potentially victimize even more people. That escalates the damage, and no one appreciates that.
The best thing to do is to drop everything and reach out to someone who knows what to look for. In most cases, they will simply ask that you delete the e-mail and take no additional action. They will work behind the scenes to attempt to prevent the sender from sending out additional materials going forward.
For the latest on phishing scams and how to avoid becoming a victim of one, please contact us. We are here to help answer your questions and show real-world examples of these dangerous plots.
MicroXpress has been providing professional IT services to Central PA businesses since 1989.