How to Spot a Phishing Attack

I got phishing emails from 2 different folks that I’d never met today.  It made me more aware than ever of how real this threat is, and how a little education can go a long way in protecting our personal information and data.  Here are some quick tips to spot a phishing attack.  Training on what to look for is actually our best possible defense as business owners.

What is Phishing?

By definition, phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.  Essentially the bad guys email you and try to craft some compelling message that will get you to click on a link or attachment.  Doing so usually runs malware on your system and allows them to get their “hooks” in.

How to spot a Phishing Email

Luckily the bad guys aren’t always great at disguising these attacks, and there are a lot of telltale signs that help you identify a threat before you click.  Here are some things to look for.

  1. Is whatever they are writing too good to be true?  If you think there is really a Nigerian prince in need of assistance and that he will bequeath his fortune to you if you wire him $500 today, you’re mistaken.  Don’t fall for it.
  2. Is the email overly urgent?  Hackers frequently say that something terrible will happen to you if you don’t do what they ask right away.  Sometimes it can even look like it’s from someone you know.  If you have any doubt, call the person the email is from before acting.
  3. Does the email contain a suspicious hyperlink?  A lot of people don’t know this, but the true destination of a link can be masked so that the link looks like it goes somewhere other than where it actually leads.  If you hover your cursor over the link without clicking it, you can frequently see the actual destination the link will take you to.  If you’re unsure about it, DON’T CLICK ON IT!
  4. Is there a shady looking attachment?  Bad guys will frequently disguise malware as a normal looking attachment such as a Word document or a PDF.  If you don’t know the sender of the attachment, don’t click.  You can also usually hover over the attachment with your cursor to see the file type.  If it’s not what it says it is, there is a high likelihood that it’s malware.
  5. Who sent the email?  Always be cautious of email from unknown sources.  Take extra care in examining these emails, and don’t open them unless you were expecting them.
  6. Consider installing an anti-phishing toolbar.  Most internet browsers have anti-phishing toolbars that will notify you if you visit a site associated with phishing.  It’s another layer of protection and usually free.
  7. Check websites for security.  You can see if a site is secure by checking the URL.  Those that begin with https and have a lock icon have been secured by SSL and are generally safe to visit.
  8. Watch out for pop-ups.  Pop-ups are generally annoying, but can also be a gateway for malware.  Not all are malicious, but be wary of them and avoid them if possible.
  9. Make sure you have a network firewall.  Businesses should have a network firewall in place, preferably one that has gateway antivirus and malware protection along with intrusion prevention services.
  10. Solid antivirus software can also help protect you from threats.  Make sure that all of your systems have this installed and kept up to date.

Final Thoughts

Phishing attacks are more prevalent than ever.  Some education on what to look for to spot a bad guy goes a long way.  Take a breath and think before you click.  If in doubt, don’t risk it.  Ask an IT professional for help.  i.t.NOW works to protect all of its clients from a wide variety of ever-evolving cyber threats.  If you want to better educate your staff on how to avoid phishing, don’t hesitate to reach out to us.  We have an online training program specifically designed to educate your staff on how to be safe online, and specifically how to avoid phishing scams.  You can call us today at 801-562-8778 for help with your cyber security.