Avoid Getting Hooked! How to Identify Phishing Attacks!
Among the growing health concerns of the COVID-19 pandemic, we are seeing a growing danger in the IT security space – phishing attacks. Cyber criminals are taking advantage of the current situation and are looking to exploit the public’s fears, as well as a growing remote workforce.
What is Phishing?
Phishing is an attack method used by cyber criminals to trick you into giving up information, clicking on a malicious link, or taking some action (e.g., wiring money). Phishing attacks come in many forms and are most commonly seen in emails, but they can come through any kind of message.
A phishing message will attempt to entice you into taking an action such as clicking on a malicious link, opening an infected attachment, or responding to a scam.
In addition to generic attempts, people need to be on the lookout for Spear Phishing campaigns. These are targeted attacks in which a cyber criminal crafts the phishing message for you specifically. These emails may look like they came from a friend, be relevant to your interests, address you directly, or be personalized in any number of other ways.
Cyber criminals send out these messages to millions of people every day around the world, but with the growing COVID-19 pandemic, we are seeing a growing number of Coronavirus-specific attempts.
How to Identify a Potential Phishing Attack?
Here are a few key ways to help identify phishing emails and to help keep yourself and your company safe:
Check the Email Address
If the email address appears to be legitimate but the email is coming from a generic email source such as @gmail.com or @hotmail.com, it may be an attack. Also, always check the “TO” and “CC” fields to see if the message is being sent to people you don’t know or do not work with.
Be Aware of Generic Greetings – Know Who You’re Working With
Always be leery of generic salutations like “Dear Customer” in an email. If the organization is one that you trust and they have a need to contact you, they should have your information. Ask yourself whether you’re expecting an email from that company. No company you work with regularly should be asking for personal details; their records should be complete if you have been doing business for some time.
Watch out for grammar or spelling mistakes. Most businesses proofread their messages carefully before sending them, and poor grammar could indicate a potential threat.
Take Your Time – Avoid “Immediate Action”
Be leery of messages that indicate that you “need to take action now” or use language that creates a sense of urgency. This is a common way to rush people into action, instead of questioning the request.
Don’t Click That Link or Open That Attachment – Yet
Watch out for links that you’re not expecting. When dealing with a link in a message, hover over it to see the true destination. If it doesn’t match what’s in the email, it is an indication of an attack.
Too Good to be True? Sorry, no.
If it seems too good to be true, it probably is. While we all hope to win the lottery, chances are not looking too good.
Pick up the Phone
Even if the email came from your friend, if you weren’t expecting one, or it doesn’t seem to be in line with what they would normally send, it could be an attack; your friend could be compromised and the attack is spreading to you. When in doubt, call and confirm that they meant to send it to you.
Remember, be careful and always question the emails you’re interacting with. Taking time to review, being cautious and ensuring that you’re practicing safe techniques will help keep you and your organization safe.
If you’d like to set up a discussion around any of these items, talk about other ways to help prevent phishing attacks, or improve your security, please e-mail firstname.lastname@example.org or call us at 1-877-843-9611.