Tip of the Week: Warning Signs of a Phishing Scam
According to the latest edition of Microsoft’s regular Security Intelligence Report, phishing attacks are the most prevalent cyberthreat. Considering what is currently going on in the world, this is almost assuredly still the case, which means that businesses and individuals alike need to be more aware of how to spot these attempts. To help, we’ve put together a few tips.
Before we get into these warning signs, however, it is important that we mention a few things about phishing attacks.
While these signs can be a great indicator that an email is actually a malicious attempt by an attacker, the processes that some attackers use have advanced greatly over time. Spotting a phishing attack can range in difficulty from knowing that there isn’t an official trying to recruit you into assisting them in a massive money transfer in exchange for a considerable cut… all the way to knowing to look for subtle differences in the URL hidden behind a linked bit of text.
So, keep in mind that these tips are simply meant to raise awareness as to what can indicate a phishing attempt’s presence, and that not all of these indicators will be present each time.
1. The email is written to be alarming.
The last thing someone trying to phish you wants is for you to think too much about it. In order to keep you off-balance, many phishing attacks are written to inspire a jolt of panic. This way, the targeted user is more likely to take the message at face value and seek a way out, setting the hook. Rather than allowing your emotions to be manipulated against you, take a few moments and observe the situation before deciding how to proceed. Check the details of the message for truth or accuracy.
2. The email includes a .zip file.
Cybercriminals will often send malware packaged into a .zip file, and phish the recipient into opening it. While .zip files were once useful as a means for sending large files, cloud technology and other means have largely left them redundant. While they still have their uses, be cautious about opening any you may receive in your email.
3. The email address/URL is incorrect.
This one is something you may have to look closely for. It isn’t often anymore that people pay too much attention to the actual email address of a received message, which many attackers will take advantage of by making small changes to the URL that can be easy to miss. For instance, combining an “r” and an “n” appears as “rn”… pretty easy to see as an “m” if you aren’t careful. Attackers will sometimes do this to convince you of a message’s legitimacy. It is also quite easy for these cybercriminals to make the links in their messages appear to direct someplace else, encouraging you to click through them. Hover your cursor over any link to see where it actually goes before you click it.
4. The email is impersonal and sloppy.
Here’s the thing, companies today understand that they need to make a good impression in their emails, so they will almost certainly be using spellcheck liberally as they write their legitimate messages. They will also be sure to do their best to make the message feel as personal as they can. While everyone knows that each email isn’t custom-written to each person it is sent to, that little bit of personalization makes the recipient feel acknowledged and is simple enough for these companies to automate. Therefore, professional emails with sterile, impersonal language, generic terms, and (less commonly today) incorrect language are a pretty significant sign that an email may not be from who it says it’s from.
While this isn’t a full list of things to watch out for to prevent phishing, it is a good start.
To learn more about how you can help protect your business from phishing and other cyberthreats, reach out to Resolve I.T. by calling (978) 993-8038.