Alltech IT Solutions Blog

Tip of the Week: How to Identify (and Foil) a Phishing Attack

Phishing has been gaining notoriety in cybersecurity circles, as it has been used quite successfully in a variety of business infiltrations and data breaches. Many of the more well-known cyberattacks of the last few years were enabled by phishing. In order to protect your business’ interests, you and your team need to be able to identify these social engineering attempts. We’ll go over a few ways to do so for this week’s tip.

What Is Phishing, Anyway?

Appropriately enough, phishing is when a cybercriminal pulls a bait-and-switch, posing as someone they aren’t to steal data and/or access credentials. By posing as someone else, someone seen by their target as trustworthy, these attackers lull their target into a complacent sense of security.

There are many different kinds of phishing attacks, which can be split into two main categories. The first, general phishing, makes use of an email that is written to potentially apply to as many people as possible, as a means of maximizing the number of potential victims. The second is known as spear phishing, and focuses on quality over quantity. Rather than a generic message being sent to many people, spear phishing requires in-depth research and insights into a specific target. This has commonly proved effective, especially since these messages typically appear to come from an authority figure.

Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or fool a business user into making false orders on behalf of the business. Naturally, none of this bodes well for the targeted business.

What You Can Do to Recognize a Phishing Attempt

There are many tricks that cybercriminals use to disguise their phishing efforts, which can actually help you to identify them… as long as you know what you’re looking for.

  • The message’s content itself can provide a few clues. Generally speaking, any requests for a user to update or verify their credentials that are accompanied by (a little too) convenient links are most likely trying to get you to click through to a spoofed website where your credentials can be stolen. Are there any spelling and grammar mistakes?

  • The language contained in the email can also be indicative of an issue. Is the email sent to “Customer”, or is it sent to you? This lack of personalization is a sign that this email is likely a generic phishing attempt, as there is no reason for a legitimate business correspondence not to include details like your name.

  • Is it threatening? If the supposed sender is trying to cultivate a sense of fear and urgency, or has even included the threat of serious consequences, ask yourself if that seems like the best way for a legitimate business to communicate with a client, customer, coworker, or contact. On the other side of the coin, is the content of the message too good to be true, like claims that you won the grand prize in a contest that you never entered? This is a strong indicator of a phishing scam.

  • Are certain details within the email just a little bit… off? Are logos and branded banners in the message not quite the right color? Is the account that sent the message a business account, or a Gmail account that any J. Random Hacker could throw together? These are warning signs that something is rotten in the state of Denmark.

  • You also need to closely examine any (a little too) convenient links, as referenced above. It is incredibly easy to make a hyperlink appear to say one thing while directing a user to another website entirely. Without clicking, hover your cursor over the link to check the URL. Does it include an unexpected subdomain (a word where ‘www’ usually is), or is it misspelled?

    Are there any additional periods or dashes in the URL before the first forward slash? For instance, “www.example.com/seewhatimean” and “www.example.com.sample/seewhatimean” may look very similar at first glance, but only one will take a user to a legitimate domain.

Phishing is a frustrating issue to deal with, but it’s an even more frustrating thing if it is successful. Reach out to the professionals at Alltech IT Solutions to learn more best practices to avoid phishing attempts - call 954-628-3770 today!
