
Patrick Agostino

Resolve I.T.™ has been serving the Beverly area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Tip of the Week: How to Identify (and Foil) a Phishing Attack


Phishing has been gaining notoriety in cybersecurity circles, as it has been used quite successfully in a variety of business infiltrations and data breaches. Many of the more well-known cyberattacks of the last few years were enabled by phishing. In order to protect your business’ interests, you and your team need to be able to identify these social engineering attempts. We’ll go over a few ways to do so for this week’s tip.

What Is Phishing, Anyway?

Appropriately enough, phishing is when a cybercriminal pulls a bait-and-switch, posing as someone they aren’t to steal data and/or access credentials. By posing as someone else, someone seen by their target as trustworthy, these attackers lull their target into a complacent sense of security.

There are many different kinds of phishing attacks, which can be split into two main categories. The first, general phishing, makes use of an email that is written to potentially apply to as many people as possible, as a means of maximizing the number of potential victims. The second is known as spear phishing, and focuses on quality over quantity. Rather than a generic message being sent to many people, spear phishing requires in-depth research and insights into a specific target. This has commonly proved effective, especially since these messages typically appear to come from an authority figure.

Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or fool a business user into making false orders on behalf of the business. Naturally, none of this bodes well for the targeted business.

What You Can Do to Recognize a Phishing Attempt

There are many tricks that cybercriminals use to disguise their phishing efforts, which can actually help you to identify them… as long as you know what you’re looking for.

  • The message’s content itself can provide a few clues. Generally speaking, any requests for a user to update or verify their credentials that are accompanied by (a little too) convenient links are most likely trying to get you to click through to a spoofed website where your credentials can be stolen. Are there any spelling and grammar mistakes?

  • The language contained in the email can also be indicative of an issue. Is the email sent to “Customer”, or is it sent to you? This lack of personalization is a sign that this email is likely a generic phishing attempt, as there is no reason for a legitimate business correspondence not to include details like your name.

  • Is it threatening? If the supposed sender is trying to cultivate a sense of fear and urgency, or has even included the threat of serious consequences, ask yourself if that seems like the best way for a legitimate business to communicate with a client, customer, coworker, or contact. On the other side of the coin, is the content of the message too good to be true, like claims that you won the grand prize in a contest that you never entered? This is a strong indicator of a phishing scam.

  • Are certain details within the email just a little bit… off? Are logos and branded banners in the message not quite the right color? Is the account that sent the message a business account, or a Gmail account that any J. Random Hacker could throw together? These are warning signs that something is rotten in the state of Denmark.

  • You also need to closely examine any (a little too) convenient links, as referenced above. It is incredibly easy to make a hyperlink appear to say one thing while directing a user to another website entirely. Without clicking, hover your cursor over the link to check the URL. Does it include an unexpected subdomain (a word where ‘www’ usually is), or is it misspelled?

    Are there any additional periods or dashes in the URL before the first forward slash? For instance, “www.example.com/seewhatimean” and “www.example.com.sample/seewhatimean” may look very similar at first glance, but only one will take a user to a legitimate domain.

Phishing is a frustrating issue to deal with, but it’s an even more frustrating thing if it is successful. Reach out to the professionals at Resolve I.T.™ to learn more best practices to avoid phishing attempts - call (978) 993-8038 today!

 
