What is one of the greatest and most common threats to your users?
What attack has infected networks, stolen millions of dollars, snatched password credentials and created the most chaos in modern history for businesses large and small?
Phishing.
Phishing attacks are by no means a new issue. But as modern technology and innovation have grown, so too have the ways criminals exploit those innovations. As our societies and our businesses have gotten more connected, what have criminals done?
They’ve gotten more connected too, both in sharing what works and what doesn’t work in cybercrime and in learning more about you, your business and your life.
And they use all of that information to phish you or your users in one way, shape, or form, in order to exploit your assets and your people.
Today, I want to revisit the phish and how to make sure your business is not getting hooked.
One of the easiest ways to do this?
I’d strongly recommend attending our upcoming webinar May 2 on avoiding the hook:
Bruce McCully
May 2, 11 AM ET
The synopsis:
Are you rolling out the red carpet to hackers, thieves, and scammers? What can you do to keep from mistakenly giving a hacker everything they need to get into your network? In this 45 minute webinar, Bruce will reveal the 3 major signs you are being phished, how you can recognize them, and avoid being hooked!
While the webinar will highlight a TON of recent attacks and will point out what to look for in an attack, I also want to outline a few common tell-tale signs here.
First, what is a phishing attack?
Phishing attacks are techniques that criminals have been using to con your users or employees into handing over money, revealing sensitive information, or installing malware by means of electronic communication (attachments or links in emails).
How are criminals phishing today?
They are exploiting three very successful techniques:
Mass-scale phishing—criminals are attacking your users at scale. Essentially they are casting a wide net, targeting a whole group of people on a list. They’re likely emailing you about a topic relevant in the news or media. Maybe it’s about a recent natural disaster, asking for funding, or it could be about your bank account. Whatever the theme, there are some easy ways to identify the legitimate from the malicious (covered below).
Spear phishing—criminals often do their homework to learn about you or a group of people (maybe within your organization). They use specific personal details they pick up from social media or online to make their messaging seem personal to you.
Whaling—criminals are seeking to identify big fish within your organization (the decision makers). If you are an executive, criminals are doing extra homework to either impersonate you or to make their requests or emails seem as legitimate as technologically possible. They know you have the power and means to act on their requests and spend a lot of time and effort to make their emails look nearly impeccably real.
So, how can you make sure you can spot a phishing email?
There are some pretty good clues in an email to tell whether it’s legitimate or fake:
Look at the sender—pay close attention to the name of the person, including the domain of an email address. A scammer will most likely use a domain similar to the person they’re imitating, but it won’t entirely be correct. There most likely will be a typo in the name or domain name at some place.
Where to find the domain?
To find the domain name in an email address, look at what comes after the ‘@’ symbol. Maybe instead of ‘.com’ you’ll see ‘.cm’ or maybe the domain will be slightly off. Whatever the case, take a close look at the address!
Look for compressed attachments—a compressed attachment could very likely be housing a virus. If you’re not expecting an attachment from someone, you might want to double check with the sender by phone to make sure he or she actually sent you something with the intent of you opening it.
Highly personalized messaging—if you receive an email that has very personal information you would not expect a colleague to send to your work email, it could very well be a scammer surfing the net looking for any personal references they can get ahold of. Be skeptical of emails that have highly personal messages, especially if you would not expect that tone coming from the person who sent it.
Spoofed links—many scammers will try to get you to click on a link embedded in an email. For instance, if you’ve received a fake email from the Bank of America, check to see that the link is spelled correctly. In other instances, the link that looks correct may redirect to a malicious page. Best practice is to copy and paste links that look correct into a browser rather than clicking on a link.
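The sender, attachment and link clues above can also be checked automatically at a mail gateway or in a reporting tool. The following is an added example, not part of the original post: the trusted-domain list, the 0.85 similarity threshold, the `examplebank` domains and the sample message are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("examplebank.com",)   # assumption: domains you actually deal with
ARCHIVES = (".zip", ".rar", ".7z", ".gz")

class AnchorText(HTMLParser):    # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
    def handle_data(self, data):
        if self.href and data.strip():
            self.links.append((data.strip(), self.href))
            self.href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def check(msg):
    findings = []
    domain = msg["From"].addresses[0].domain.lower()   # what follows the '@'
    for good in TRUSTED:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            findings.append(f"lookalike sender domain: {domain} ~ {good}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVES):
            findings.append(f"compressed attachment: {name}")
        if part.get_content_type() == "text/html":
            parser = AnchorText()
            parser.feed(part.get_content())
            for text, href in parser.links:
                # Visible text looks like an address but the href goes elsewhere
                if "." in text and " " not in text and host(text) != host(href):
                    findings.append(f"link text {text} goes to {host(href)}")
    return findings

def sample():   # constructed message, not taken from a real campaign
    m = EmailMessage()
    m["From"] = "Example Bank <alerts@examplebank.cm>"
    m.set_content("Please review your account.")
    m.add_alternative('<a href="http://login.example.net/verify">'
                      'www.examplebank.com</a>', subtype="html")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="zip", filename="statement.zip")
    return m
```

Calling `check(sample())` returns three findings, one per clue. The link comparison is a strict hostname match, so a legitimate link whose text omits `www.` would also be flagged for review.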
I know that I haven’t even scratched the surface when it comes to scams. If you’re concerned about your users, make sure you sign up and encourage your team to sign up for our upcoming webinar on the latest phishing tactics criminals are using to break into your network!
Consider attending Phishing: Don’t Get Hooked!