Phishing is one of the most common types of cyberattacks aimed at stealing your money or identity by means of obtaining your personal information and using it to access your accounts. This type of cybercrime is present on all popular communication media, ranging from social networks all the way to emails, phone calls or even text messages.
Cybercriminals are usually impersonating reputable companies, attorney offices and even family members. They are trying to gain credibility and trick you into revealing sensitive information that can give them access to your financials. This is usually done through a link to a phishing website, a copy of a bank website or online store, which will ask for your banking of credit card information.
How to identify a phishing attempt?
At its roots, phishing is a means to collect your data, so be wary of any requests for personal information. Here are a few helpful tips for guarding yourself against online phishing:
- Email domain address. Check the sender’s email domain. If the email is not coming from a known email provider (such Gmail, Outlook, or Yahoo Mail) or from an organizational domain that you know, then the email might be spam.
- Spelling and grammar. Organizations and professional contractors care about the outlook and quality of their communication; therefore, email messages will always be spell checked and proofread. Spelling issues of any kind are a good indicator that the message you have received is a phishing attempt to extract your personal information.
- A tone of urgency. When phishing, cybercriminals are trying to draw your attention away from the minor details that might expose them, so they are using a tone of urgency or even threats to draw the receiver’s attention away. The email or message will say to click on a link or to open an attachment immediately in order to claim an award, or even urge you to make a payment for avoiding penalties. This type of urgency is always a red flag for a phishing attempt.
- New or unexpected messages. A message received out of the blue from someone you don’t know is a good candidate for a phishing attempt. There are also times when the message can be genuine, but more often than not, these types of messages are intended by cybercriminals to collect your information. Always examine carefully messages received from a first-time sender and make sure that the message is genuine before sending out a reply.
- Suspicious links. Be wary of any links you receive in an unexpected email. Links can be deceiving, and while the text of the link points to a real organization, the URL behind the link could point out to a phishing page meant to steal your information. A quick way to check if a link is genuine is to hover your mouse over the text of the link. If the text of the link doesn’t match the real web address display under the mouse cursor, then the link is leading to a phishing page.
- Unexpected attachments. Also be wary of any kind of attachments that you were not informed of beforehand. Attachments can contain viruses or malware targeting your data, that cybercriminals can then use to access your finances or other valuable resources.
One way to avoid phishing attempts is to contact the sender of the email by phone or to speak to them directly. This way, you can ensure that the message or email is genuine, and any links or attachments provided are safe to use.
A better way is to contact the IT security specialist of your organization and get their expert opinion, especially if the email sender is unreachable through other means. As an IT support and security provider, Abtech offers a wide range of resources meant to help you mitigate any phishing or ransomware threats. Here are a few of Abtech’s services, expertly tailored to battle phishing and other similar security threats:
- Endpoint Security Software, such as ESET or Capture Client.
- Email Security and Spam Filters, such as Proofpoint Essentials.
- KnowBe4 Security Awareness testing and training.
- Datto Ransomware Protection.
- Internal Vulnerability scans and mitigation.
- Cloud backup and disaster recovery (Stortrust).