Phishing—It’s not just about investment opportunities in Nigeria anymore!
It wasn’t that long ago that the most sophisticated scam email we would see in our Inboxes was a note from some supposed businessman looking for assistance with a cash transaction.
The threat landscape has changed dramatically in the past few years, with phishing emails becoming more advanced and almost indistinguishable from a legitimate email.
All is not lost, however, and this guide will provide some tips for identifying the wolves among your flock of otherwise peaceful email.
What is phishing?
At the simplest level, phishing is a fraudulent piece of email engineered to get you to complete a task you otherwise would not perform.
Those tasks might be transferring money to an account in the Caymans, providing a stranger with your login credentials, or installing a virus on your computer.
Phishing attacks succeed because they fool you into thinking they are messages from something or someone that you trust, and attackers are getting better and better at pretending to be trustworthy.
You’ll receive phishing emails that seem to be from people you know, maybe even your boss.
How do I tell a phishing email from a legitimate one?
How do you know that your boss really isn’t telling you to transfer $10,000 to a numbered offshore bank account?
You need to pay attention to the details in a message. Most phishing scams look similar to something that you’d receive from a legitimate source, but rarely are they identical to legitimate messages.
For example, you may receive a message from Citibank telling you to log into your account and providing a link to check on a transaction.
You know, however, that your bank has told you that it never sends you emails with login links. That discrepancy is your clue.
Links in the suspicious email are your best identifier that something is phishy. Take this screen shot below:
When I placed my cursor over the link WITHOUT CLICKING, it showed the link’s URL. This link clearly wasn’t going to FedEx, which was my first clue.
Many phishing emails are closer to the real thing than this is, but the same techniques apply.
If you receive an email with an Office 365 document link, for example, all you need to do is hover your cursor over that link. You'll notice that the link does not go to office.com or microsoft.com, but to some random website that the phisher hijacked.
One of the best things you can do to prevent, or at least reduce, phishing attacks in your organization is to sign up for phishing prevention training. Ongoing employee training has proven to be the absolute best defense.
You might also want to consider learning more about our Managed Security Services, one of the most cost-effective ways to get access to sophisticated security services that are completely managed for you.
Want to learn more about phishing? Try these great resources:
Offers some basic tips.
Is Cornell’s database of current phishing scams they’re seeing on campus. It’s a great way to familiarize yourself with the types of messages out in the wild.
The folks at Consumer Reports also have a clear guide with some useful links.