Tip of the Week: What You Need to Know to Avoid Phishing Attacks
Phishing has quickly become the most predominant form of cyberattack due to the method’s simplicity. It solely relies on a user’s gullibility. The weakest link to any business is typically the employees. In order to protect your business, you and your team need to identify these social engineering cyberattack attempts. Let’s look at a few tips on how to recognize a phishing attempt.
What Exactly Is Phishing?
Remember those weekend fishing trips you spent as a kid, staring endlessly unsure which bait to use? The goal was for your bait to look as real as possible, ensuring you wouldn’t leave without a bite. Phishing has been appropriately named due to the similarities. Unfortunately for most businesses, your employees are the fish’s replacement and that wall-mounted trophy fish becomes an unaffordable amount of data loss.
Posing as a fraudulent website or persona with the intentions to steal data or access credentials yields a high reward for cybercriminals. Trial and error has revolutionized phishing into a much more effective means of theft. There are numerous different kinds of attacks, which can be split into two categories. The first category is general phishing. This makes use of an email that is written to apply to as many people as possible. The sheer volume of emails sent, typically rewards a cybercriminal with at least a few hits. The second is commonly known as spear phishing. This method of phishing is a much more personalized cyberattack. Cybercriminals typically do an uncomfortable amount of research to increase their odds of fooling a specific target. This method has proven to be extremely effective, especially since these messages typically appear to have been sent from an authoritative figure.
What reward does this yield? Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or just fool a business user into making false orders with business funds.
Phishing 101 - Types of Bait
There are many different baits cybercriminals are using. Most of them fall within the same outline, so learning what to look for applies to most cyberattack attempts.
- The message’s content provides clues. Oh dear! The program I use was under an attack, so changing my password is recommended! How convenient though, the password-change link has been provided!
If something is too convenient, especially password changes, chances are it’s phony. Phishing attacks are only successful if a user cooperates with the cybercriminal. If you are under the impression that an application has been a victim of a data breach, and you feel as though changing your password holds a value, then do so. However, navigate to the application’s website in order to do so. Convenient links are often spoofed links.
- Observe the language within an email. If an email is sent to “Customer” rather than you, chances are this is our first method of phishing we discussed -- general phishing. Lack of personalization indicates lack of legitimacy.
- Does the email make you feel threatened? If a supposed sender communicates a sense of urgency, potentially including a threat of serious consequence, ask yourself the following question. “Does this seem like the best way for a legitimate business to communicate with a client?” If the answer is no, avoid exploring the email further.
- Look before you click! As humans, we make mistakes. However, a typo in an email address is unacceptable. If a provided link says something like amzon.com or payal.com/secure, it is wise to avoid it. If there are any additional periods following a domain, but before the first forward slash, this also indicates phishy activity. Something like www.amazon.com.ru/passwords is an easily identified phony email address. If you aren’t able to see the full link provided in an email attachment, users can easily view the full URL by hovering over the provided link, or right clicking and selecting “copy link address” and pasting it into a notepad application.
Phishing is extremely consequential. Directive has experts who can assist your business with learning to identify phishing attempts. Call 607.433.2200 to speak to one today!