Phishing attacks are on the rise for businesses, as threat actors focus their efforts on more profitable targets. What can your business do to stop them? Implement an anti-phishing plan that increases awareness of phishing techniques for you and your employees.
10 TIPS TO HELP SPOT PHISHING ATTEMPTS
In 2018, businesses saw a 132% increase in information-stealers, such as TrickBot, which uses phishing emails to infiltrate organizations and drop its payloads.
1) Look for poor spelling
Errors in formatting, and email addresses in the “From” field that look suspicious. Perhaps the formatting and design are different from what you usually receive from the organization. Maybe the content sounds strangely formal. The possibilities are endless.
2) Attachments are always a sign of malware
Attachments should be treated with kid gloves. When in doubt, do not open the attachment. Instead, try to contact someone you know from the organization listed in the email to confirm, or delete the email without opening it (right-click – Delete) in Outlook.
3) Do the URLs match?
Hover over the link displayed in the email to see the actual URL. If they are different from one another, do not click.
4) Phishing emails often impersonate
5) Just because a URL has a green padlock
Doesn’t mean it’s safe. With a public push for websites to adopt HTTPS protocols, cybercriminals have jumped on the bandwagon, easily purchasing SSL certificates for their phishing pages.
6) Mobile device users are at risk
Of being scammed by lengthy faux URLs that cannot be fully viewed on screen. The visible portion may be tailored to appear legitimate, but the rest of it—which would give the game away—is hidden off-screen. Employees checking email on their phones or browsing the Internet should always review the entire URL before clicking.
7) Dubious apps are a potential problem
As carefully-worded pop-ups asking for permission to access sensitive data have duped many. When installing desktop or mobile apps, it’s best to review the app’s online reviews, and make sure you’ve selected the legitimate version. Are the logos the same? Does the user experience match what you’d expect?
8) Promoted social media content can lead to phishing
Especially as ads tend to be targeted to individual interests. We recommend users not engage on social media from their work devices, or if they must, limit their engagements to work-specific tasks. Also, never go to social sites on critical systems like CAD/CAM workstations, servers or mission-critical systems.
9) That Green Padlock in the URL bar?
So, where does the green padlock come into play? The green padlock simply means that traffic to and from the website is encrypted. A certificate, provided by a certificate provider (Certificate Authority or CA), is used to set up this encryption. Sounds good, right? But the only thing you can actually be sure of when you see such a padlock is that your computer is connected to the site that you see in the address bar.
10) Desperation is a surefire sign
Kinda like dating, desperation is a sure sign of trouble. It’s panic buying, but not as we know it. E-mails claiming a tight time limit to log in and perform an action, alongside the threat of losing X or Y forever, should be deleted or forwarded to the company’s security and/or fraud departments.
“Phishing is a method of tricking you into sharing passwords, credit card numbers, and other sensitive information by posing as a trusted institution in an email or phone call.”
All about phishing
What is phishing?
Phishing is the crime of intending to deceive people into sharing sensitive information like passwords and credit card numbers. As with real fishing, there’s more than one way to reel in a victim, but one phishing tactic is the most common. Victims receive an email or a text message that imitates (or “spoofs”) a person or organization they trust, like a coworker, a bank, or a Government office. When the victim opens the email or text, they find a scary message meant to overcome their better judgement by filling them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence.
If users take the bait and click the link, they’re sent to an imitation of a legitimate website. From here, they’re asked to log in with their username and password credentials. If they are gullible enough to comply, the sign-on information goes to the attacker, who uses it to steal identities, pilfer bank accounts, and sell personal information on the black market.