What You Need to Know About Phishing Attacks and How to Avoid Them

July 25, 2016

IT Security, Phishing Attacks

By Aimee


We have always said that this digital era, with its ever-growing volume of data, is also swarming with a growing number of malicious individuals. Their goal is to steal data, whether or not it is of any significance to them, and sell it for a good price.

As email has become one of the main transaction media for most B2C and B2B companies, the threat to email security only grows each day. At times like these, it is best to heed the well-known saying that knowledge is power and learn about the number one threat to email security: phishing attacks. This is especially important because victims often do not realize what has happened until it is too late.

Phishing defined

Hackers use phishing to trick people into giving away protected information such as social security numbers, passwords, bank credentials, and more. Because this is the kind of information they obtain, phishing emails are considered the main channel through which identity theft is committed. The most dangerous part is that they look legitimate, so victims easily fall prey and do not know what happened until the deed has been done.

Phishing categories

General phishing – this is a mass blast, sent to many people at once. It imitates a legitimate standardized document, so the victim assumes it is genuine and is drawn to click and enter the requested information.

Spear phishing – as the name suggests, this is more targeted and is directed at a specific person or group, such as HR, the Finance Department, or the management team. What makes the email convincing is that it appears to come from someone the recipient trusts. Often it purports to be from a high-profile individual like the CEO asking the finance team for bank credentials, which makes it seem acceptable to provide the information.

It may seem that, since no money changes hands directly, this would not be as profitable as, say, ransomware (where information is withheld until some amount is paid), but the information gained is what has value. As mentioned above, the targets are social security numbers, passwords, bank credentials, etc., and these can be sold on. This can cause even more damage, because it results in identity theft and lines of credit being opened in your name.

Identifying phishing attacks

While it may be challenging to recognize them, since they usually appear to come from trusted sources, there are still some signs that can give them away, as long as you know what to look for.

Personal information

Always be wary when an email asks for personal information that you have not requested to update. It might say that your password has expired and that you should click a link to update it. That link goes directly to a spoofed website.

Grammatical errors

Phishing scams contain grammar errors, and they can be subtle – a misspelled word here, a random capitalization there. Because we read a word as a whole rather than letter by letter, they can be hard to spot at first, and these emails often closely resemble something that would have come from a trusted source.

Appropriate banners

Many phishing emails include the appropriate logos and banners to look more convincing, but their colors are usually a shade or two off. Because that difference is subtle, victims believe they are corresponding with their bank, their credit card company, or even the government.

The hyperlink

This is the clickable text that appears to lead to a ‘trusted’ website. The underlying address is very easy to change to something completely different, so the link can take you to another website entirely. Hover over it first, before clicking, to see where it would actually lead.

The forward slash

Be cautious of everything before the first forward slash that follows the scheme (http:// or https://): that part is the domain, and it decides which site the link actually opens. Phishing scammers may add a period or a dash before the forward slash, so the trusted name still appears in the address while the real domain belongs to someone else. This tricks recipients into thinking the link is legitimate. They may also use a subtle misspelling that is hard to spot; when clicked, it goes to a different domain.
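To make the last two sections concrete, here is a small Python check, added as an example and not code from the original post, that applies the "hover before clicking" and "look before the forward slash" advice mechanically. It compares the host the link really goes to against the domain the email claims to come from, flags hosts that merely contain the trusted name with extra dots or dashes, and flags link text that shows one address while the underlying link goes to another. The trusted domain example.com and the lookalike hosts on the reserved .test TLD are constructed sample values; the two-label domain simplification is an assumption noted in the code.

```python
import re
from urllib.parse import urlparse

# Constructed sample values (assumption): "example.com" plays the trusted brand,
# the ".test" hosts are made-up lookalikes. None of these are real phishing sites.

# Link text that itself looks like a web address (optional scheme, a dotted host,
# optional path). Plain words such as "Update your password" do not match.
_LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


def host_of(url: str) -> str:
    """Lowercased hostname of a URL: everything between the scheme and the first '/'."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower().rstrip(".")


def is_same_site(host: str, expected_domain: str) -> bool:
    """True only for the expected domain itself or a genuine subdomain of it.
    Simplification (assumption): a real implementation should consult the Public
    Suffix List so that e.g. 'co.uk'-style suffixes are handled correctly."""
    return host == expected_domain or host.endswith("." + expected_domain)


def check_link(display_text: str, href: str, expected_domain: str) -> str:
    """Classify one link from an email.

    display_text    the words the reader sees and clicks on
    href            the address the link really points to (what hovering reveals)
    expected_domain the site the email claims to come from, e.g. "example.com"

    Returns "ok" or a short reason the link is suspicious.
    """
    parsed = urlparse(href)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return "not a plain http(s) link"
    host = host_of(href)
    if is_same_site(host, expected_domain):
        return "ok"
    # The brand name appears, but the part before the first "/" is someone else's
    # domain: "example.com.evil.test" (extra dot) or "example-com.test" (dash).
    brand = expected_domain.split(".")[0]
    if brand in host:
        return f"lookalike host {host!r} is not {expected_domain!r}"
    # The visible text is itself an address, but the link goes somewhere else.
    shown = display_text.strip()
    if _LOOKS_LIKE_URL.fullmatch(shown):
        shown_host = host_of(shown)
        if shown_host and shown_host != host:
            return f"link text shows {shown_host!r} but goes to {host!r}"
    return f"link goes to {host!r}, not {expected_domain!r}"


def review_links(links, expected_domain: str):
    """Run check_link over (display_text, href) pairs and return the verdicts."""
    return [(text, href, check_link(text, href, expected_domain)) for text, href in links]


if __name__ == "__main__":
    # Constructed sample links as they might appear in an email claiming to be
    # from example.com.
    sample_links = [
        ("Update your password", "https://www.example.com/login"),
        ("Update your password", "http://example.com.evil.test/login"),
        ("Update your password", "https://example-com.test/"),
        ("https://example.com/", "https://exarnple.com/"),
        ("Click here", "https://evil.test/x"),
    ]
    for text, href, verdict in review_links(sample_links, "example.com"):
        print(f"{verdict:55} <- text={text!r} href={href!r}")
```

The order of the checks matters: a link is only accepted when its host is the expected domain or a true subdomain of it, so a brand name buried in the middle of a longer host never passes. Everything else is reported with the reason a reader could verify by hovering over the link themselves.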

Best practices to avoid falling prey to phishing attacks

Your company’s IT department or IT provider will have put firewalls and other defenses in place to keep these malicious emails from reaching your inbox. However, as cyber criminals grow more aggressive each day, you may still receive one or two. Your knowledge of what to look for, together with the best practices below, will be your greatest defense against falling prey to these attacks.

Be updated with phishing training

Educated users are hard to trick. Making sure that all employees take phishing training semi-annually or annually is therefore always a good idea.

Be cautious about suspicious emails

As many of these scams appear to come from trusted individuals, it is better to check with the sender first whether they really sent the email (especially if you were not expecting one) before clicking. Call them to confirm, or, if it claims to be from your bank or another organization, open a new browser window and go to their website by typing the address yourself. This ensures you land on the correct domain instead of a spoofed one.

The devil is in the details

You already know that subtle deliberate misspellings, grammatical errors, and extra dots and dashes in an email are how scammers try to get your information. You could be in immediate trouble if you skip being cautious and do not check all the details in the email. It is a tedious process, I know, but it is a small trade-off compared to the very real risk of identity theft. Take the time to check the authenticity of the emails you receive.

Compartmentalize information within your organization

Not all of your employees need access to all company information. If information is not necessary for someone to do their job, refrain from giving them access to it. There is less chance of confidential information being leaked when you run your business on a least-privilege basis.

As mentioned before, an educated user is harder to trick, so knowledge of phishing scams and of the best practices for avoiding them is your best bet for protection. Keep all this in mind and make a habit of being wary of whatever arrives in your inbox.



WHAT'S NEXT?

We can check the integrity of your network infrastructure and confirm its ability to block phishing emails from reaching your systems. What's more, we can provide recommendations on how to strengthen your network and best practices for simplifying your IT needs.
