Alltech IT Solutions Blog

Tip of the Week: How to Identify (and Foil) a Phishing Attack

Phishing has been gaining notoriety in cybersecurity circles, as it has been used quite successfully in a variety of business infiltrations and data breaches. Many of the more well-known cyberattacks of the last few years were enabled by phishing. In order to protect your business’ interests, you and your team need to be able to identify these social engineering attempts. We’ll go over a few ways to do so for this week’s tip.

What Is Phishing, Anyway?

Appropriately enough, phishing is when a cybercriminal pulls a bait-and-switch, posing as someone they aren’t to steal data and/or access credentials. By posing as someone else, someone seen by their target as trustworthy, these attackers lull their target into a complacent sense of security.

There are many different kinds of phishing attacks, which can be split into two main categories. The first, general phishing, makes use of an email that is written to potentially apply to as many people as possible, as a means of maximizing the number of potential victims. The second is known as spear phishing, and focuses on quality over quantity. Rather than a generic message being sent to many people, spear phishing requires in-depth research and insights into a specific target. This has commonly proved effective, especially since these messages typically appear to come from an authority figure.

Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or fool a business user into making false orders on behalf of the business. Naturally, none of this bodes well for the targeted business.

What You Can Do to Recognize a Phishing Attempt

There are many tricks that cybercriminals use to disguise their phishing efforts, which can actually help you to identify them… as long as you know what you’re looking for.

  • The message’s content itself can provide a few clues. Generally speaking, any request to update or verify your credentials that is accompanied by (a little too) convenient links is most likely trying to get you to click through to a spoofed website where your credentials can be stolen. Spelling and grammar mistakes are another clue to look for.

  • The language contained in the email can also be indicative of an issue. Is the email sent to “Customer”, or is it sent to you? This lack of personalization is a sign that this email is likely a generic phishing attempt, as there is no reason for a legitimate business correspondence not to include details like your name.

  • Is it threatening? If the supposed sender is trying to cultivate a sense of fear and urgency, or has even included the threat of serious consequences, ask yourself if that seems like the best way for a legitimate business to communicate with a client, customer, coworker, or contact. On the other side of the coin, is the content of the message too good to be true, like claims that you won the grand prize in a contest that you never entered? This is a strong indicator of a phishing scam.

  • Are certain details within the email just a little bit… off? Are logos and branded banners in the message not quite the right color? Is the account that sent the message a business account, or a Gmail account that any J. Random Hacker could throw together? These are warning signs that something is rotten in the state of Denmark.

  • You also need to closely examine any (a little too) convenient links, as referenced above. It is incredibly easy to make a hyperlink appear to say one thing while directing a user to another website entirely. Without clicking, hover your cursor over the link to check the URL. Does it include an unexpected subdomain (a word where ‘www’ usually is), or is it misspelled?

    Are there any additional periods or dashes in the URL before the first forward slash? For instance, “www.example.com/seewhatimean” and “www.example.com.sample/seewhatimean” may look very similar at first glance, but only one will take a user to a legitimate domain.
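The link check described above can be automated for an HTML message body. The following is an added example, not part of the original post: it compares the host shown in each link's text with the host the link actually points to, and tests whether that destination really ends in a domain you trust. `TRUSTED_DOMAINS`, the function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"example.com"}  # assumption: domains you expect links to use
SAMPLE_HTML = """<a href="http://www.example.com.sample/seewhatimean">www.example.com/seewhatimean</a>
<a href="https://www.example.com/seewhatimean">Account settings</a>"""  # constructed sample

def host_of(text):
    """Hostname of a URL or URL-like string; None if it does not look like one."""
    parts = text.split()
    if len(parts) != 1:              # empty, or prose such as "Account settings"
        return None
    try:
        host = urlsplit(parts[0] if "//" in parts[0] else "//" + parts[0]).hostname
    except ValueError:               # malformed authority, e.g. unbalanced "["
        return None
    return host.rstrip(".") if host and "." in host else None

def is_trusted(host):  # host must equal a trusted domain or end with "." + that domain
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return [(destination_host, findings)] for each link in an HTML body."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        dest, shown = host_of(href), host_of(text)
        findings = ["text-shows-different-host"] if dest and shown and shown != dest else []
        if dest and not is_trusted(dest):
            findings.append("untrusted-domain")
            if any(f".{d}." in f".{dest}" for d in TRUSTED_DOMAINS):
                findings.append("trusted-name-used-as-subdomain")
        report.append((dest, findings))
    return report
```

The domain is decided by the labels at the right-hand end of the hostname, which is why `www.example.com.sample` is flagged even though it contains `example.com`.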

Phishing is a frustrating issue to deal with, but it’s an even more frustrating thing if it is successful. Reach out to the professionals at Alltech IT Solutions to learn more best practices to avoid phishing attempts - call 954-628-3770 today!
