(978) 993-8038 facebook twitter linkedin google youtube pinterest rss

Patrick Agostino

Resolve I.T.™ has been serving the Beverly area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Tip of the Week: How to Identify (and Foil) a Phishing Attack

Tip of the Week: How to Identify (and Foil) a Phishing Attack

Phishing has been gaining notoriety in cybersecurity circles, as it has been used quite successfully in a variety of business infiltrations and data breaches. Many of the more well-known cyberattacks of the last few years were enabled by phishing. In order to protect your business’ interests, you and your team need to be able to identify these social engineering attempts. We’ll go over a few ways to do so for this week’s tip.

What Is Phishing, Anyway?

Appropriately enough, phishing is when a cybercriminal pulls a bait-and-switch, posing as someone they aren’t to steal data and/or access credentials. By posing as someone else, someone seen by their target as trustworthy, these attackers lull their target into a complacent sense of security.

There are many different kinds of phishing attacks, which can be split into two main categories. The first, general phishing, makes use of an email that is written to potentially apply to as many people as possible, as a means of maximizing the number of potential victims. The second is known as spear phishing, and focuses on quality over quantity. Rather than a generic message being sent to many people, spear phishing requires in-depth research and insights into a specific target. This has commonly proved effective, especially since these messages typically appear to come from an authority figure.

Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or fool a business user into making false orders on behalf of the business. Naturally, none of this bodes well for the targeted business.

What You Can Do to Recognize a Phishing Attempt

There are many tricks that cybercriminals use to disguise their phishing efforts, which can actually help you to identify them… as long as you know what you’re looking for.

  • The message’s content itself can provide a few clues. Generally speaking, any requests for a user to update or verify their credentials that are accompanied by (a little too) convenient links are most likely trying to get you to click through to a spoofed website where your credentials can be stolen. Are there any spelling and grammar mistakes?

  • The language contained in the email can also be indicative of an issue. Is the email sent to “Customer”, or is it sent to you? This lack of personalization is a sign that this email is likely a generic phishing attempt, as there is no reason for a legitimate business correspondence not to include details like your name.

  • Is it threatening? If the supposed sender is trying to cultivate a sense of fear and urgency, or has even included the threat of serious consequences, ask yourself if that seems like the best way for a legitimate business to communicate with a client, customer, coworker, or contact. On the other side of the coin, is the content of the message too good to be true, like claims that you won the grand prize in a contest that you never entered? This is a strong indicator of a phishing scam.

  • Are certain details within the email just a little bit… off? Are logos and branded banners in the message not quite the right color? Is the account that sent the message a business account, or a Gmail account that any J. Random Hacker could throw together? These are warning signs that something is rotten in the state of Denmark.

  • You also need to closely examine any (little too) convenient links, as referenced above. It is incredibly easy to make a hyperlink appear to say one thing while directing a user to another website entirely. Without clicking, hover your cursor over the link to check the URL. Does it include an unexpected subdomain (a word where ‘www’ usually is), or is it misspelled?

    Are there any additional periods or dashes in the URL before the first forward slash? For instance, 

“www.example.com/seewhatimean” 

and 

“www.example.com.sample/seewhatimean”
may look very similar at first glance, but only one will take a user to a legitimate domain.

Phishing is a frustrating issue to deal with, but it’s an even more frustrating thing if it is successful. Reach out to the professionals at Resolve I.T.™ to learn more best practices to avoid phishing attempts - call (978) 993-8038 today!

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 21 February 2020
If you'd like to register, please fill in the username, password and name fields.

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Microsoft Productivity Business Computing Cloud Hackers Google Efficiency Malware Internet Miscellaneous Smartphones Network Security Innovation Data Software Business Mobile Devices User Tips Backup Email Hosted Solutions IT Support Computer Business Management Communication Hardware Workplace Tips Windows Communications Android Upgrade IT Services VoIP Managed IT Services Smartphone Windows 10 Social Media Browser Holiday Microsoft Office Small Business Cybersecurity Save Money Passwords Ransomware Network Outsourced IT Tech Term Mobile Device Business Continuity Apps Apple Office Quick Tips Marketing Alert Users Managed Service Provider Employer-Employee Relationship Collaboration Productivity Gadgets Automation Facebook Bandwidth Remote Computing Server Virtualization Internet of Things Disaster Recovery Mobile Device Management Chrome Cloud Computing Health Data Backup Going Green Wi-Fi Remote Monitoring Hacking IT Support Big Data Gmail iPhone Operating System History VPN Saving Money Wireless Managed IT Services IT Solutions WiFi The Internet of Things Router Password Antivirus Windows 10 Mobile Computing Applications Networking Retail Data Recovery Analytics Mobility Search... Managed Service Business Intelligence App Current Events Computers Office Tips Information Access Control Application Excel Settings Phishing Patch Management Office 365 Twitter Artificial Intelligence Maintenance Website Spam Physical Security Compliance BYOD Tablet Laptop PowerPoint Data Management Company Culture Blockchain Government Cybercrime Law Enforcement BDR Memory Paperless Office Environment Customer Relationship Management Humor Word Social Engineering Lithium-ion battery Wireless Technology VoIP Entertainment Managed IT Service Battery Bring Your Own Device Proactive IT Sports Biometrics Workers Google Drive Value Politics Mouse Virus Recovery Safety Telephone Systems Net Neutrality Save Time Data Breach Remote Monitoring and Management Tech Support Payment Cards Scam Mobile Office Wireless Charging Files Data Security Robot Best Available Hiring/Firing Windows 8 Shadow IT Printer Dark Web RAM Wearable Technology Tech Terms End of Support Hard Drives Customer Service Internet Exlporer Printer Server Data storage Virtual Assistant Saving Time Tip of the week Data Protection Streaming Media Phone System Touchscreen Programming Fax Server Risk Management Online Currency People G Suite Education Two-factor Authentication Medical IT Smart Technology How To Bluetooth Shortcut Business Technology Information Technology Licensing Outlook Processor eWaste Connectivity Voice over Internet Protocol Cortana Display Best Practice Windows 7 Telephony Vulnerability Hosted Solution Human Resources User Error Managing Stress Avoiding Downtime Social Network Money HIPAA Batteries Cost Management Budget Cleaning Employee-Employer Relationship Telephone System DDoS Healthcare Downtime Electronic Health Records Specifications IT Service Copy Flexibility Video Windows XP Cameras Social Networking Black Market Consultant Troubleshooting Tactics Unified Communications IT Management Multi-Factor Authentication Tablets Distributed Denial of Service Debate Employees Analysis Conferencing Technology Tips Paste Legal IT Consultant OneNote Spotify Threats Meetings Workplace Update Lead Generation Internet Explorer Remote Support Holidays Access E-Commerce Video Surveillance Content Filtering Backup and Disaster Recovery Windows Server 2008 R2 Scams User Profitability Threat Microsoft Teams Network Attached Storage Virtual Private Network Printers Advertising Payment Reporting User Tip SSD Remote Control Video Games Taskbar Webcam YouTube Project Management Automobile Monitor USB Eliminating Downtime WannaCry Printing File Sharing Server Management Co-Managed IT Staffing Private Cloud Analyitcs Encryption Windows Media Player Virtual Reality instant Messaging Telecommuting Inventory Spam Blocking Alerts Law Firm IT National Security NarrowBand Insurance Reputation Wireless Internet Hard Drive Trending Paper Hybrid Cloud User Security Machine Learning Memes PDF Notifications Bloatware Vulnerabilities Piracy GDPR Millennials Mobile Security Email Management Work/Life Balance Updates Chromecast HP File Management Personal Information Customers SharePoint Help Desk Processors Ink Cables Telecommute IT Entrepreneur Cryptocurrency Storage e-waste Google Maps Document Management Managed Services Provider SaaS Certification Spyware Travel Data loss Hosted Desktop Gadget WIndows 7 Administration Error disposal Benchmarks Botnet Digital Vendor Training Statistics Downloads Live Streaming Skype Sales Staff Firewall Unified Threat Management Time Management Microsoft Office 365 Voice over IP Samsung Cabling Recycling Managed IT Touchpad Edge Relocation Running Cable Vendor Management Security Cameras Trends WhatsApp Amazon Knowledge Websites Profiles Techology Solid State Drive Uninterrupted Power Supply Chrome OS Authentication eCommerce Windows 8.1 Update Multi-Factor Security Distribution Worker Hacker Wearables A.I. News LinkedIn Plug-In Comparison Dongle Computer Repair HaaS Hard Disk Drive Computer Accessories Social Authorization Online Shopping Crowdfunding Database Bitcoin IT budget Fleet Management Science Worker Commute Movies

Mobile? Grab this Article!

QR-Code

Recent Comments

Milli Philpson 3 Great Consumer Mobile Apps for Your Business
21 September 2017
According to my view for topic of mobile app is extremely stunning as well as useful for me. Because...