By Bill Minahan | November 11, 2019
Phishing warning signs: You’ve received a suspicious email, and you’re wondering how to tell if it’s a phishing email or not.
If you’re unsure what phishing is, read about how it works here.
Phishing emails have become extremely sophisticated in recent years, but there are still several signs that can tell you whether an email or link is malicious.
Before you click on any link in your inbox, you need to ask yourself the questions below.
Often, emails come out of the blue from services you don’t even use. If that’s the case, don’t click a link from a service, person, or organization you’re not associated with.
However, the most successful emails look like they come from a person you know or a service you use.
You need to ask yourself: were you expecting that PDF from Karen in HR? That invoice from Best Buy? That Google Doc from your dentist? If you weren’t, that’s a warning sign. Don’t click it.
Even if you were expecting an email, it’s not enough to only ask yourself this question. Proceed with caution and ask yourself the following questions.
One of the most successful tactics cyber criminals use during phishing attacks is a sense of urgency. Urgency causes panic, so you don’t think as clearly as you normally would. Urgency is a clear sign of phishing.
For example, interns are often victims of phishing attacks. They receive links from spoofed email addresses posing as their superiors. Usually, the email demands something urgent or time-sensitive: click this link, fill out this form, wire this money. Often, interns don’t feel like they have the authority to question the link or ask for verification, so they complete the hacker’s task.
Another common tactic is money. Commonly, a phishing scam is an invoice that says a large sum of money was withdrawn from your account, or an unusual charge from a service you use. Cyber criminals make sure the emails appear to come from services that are used by most people: Amazon, Netflix, UPS, Google, etc.
Spelling errors in links and email addresses are common signs of phishing attacks. However, most spelling errors today are easy to miss without diligence or research.
For example, look at the picture below:
As you can see, there are subtle spelling errors in an otherwise error-free email. In the past, spoofed emails were easy to spot. Today, methods are getting more sophisticated, and errors are harder to detect.
Spelling errors in links are even harder to notice since they are longer and more complex.
For example, take the link: https://www.bankofamerlca.com/online-banking/login
The link is so long that, at first glance, it’s easy to miss that America is spelled with a lowercase L, especially if the email was urgently demanding you check your funds.
Some hackers go the extra mile by including a link that looks legitimate in their phishing attack. It’s a malicious link masked as a safe one. To avoid these, make a habit of hovering over a link without clicking on it. For example, take a look at the phishing attack below:
Hovering over a link without clicking on it reveals the actual destination of a link on most browsers, but not all of them.
Link redirects are one of the most common tactics hackers use in successful phishing attempts. Watch out for signs of redirects by hovering over the link in question. If you’re unsure, don’t click it.
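The two link checks described above (a misspelled domain, and link text that hides a different destination) can also be automated. The following Python sketch is an added example, not part of the original article: the `TRUSTED` set, the 0.9 similarity threshold, the function names and the sample email body (which uses the reserved placeholder domain example.net) are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: domains the reader really uses; replace with your own services.
TRUSTED = {"bankofamerica.com", "amazon.com", "netflix.com"}
# Constructed sample email body: a misspelled domain, a masked link, a clean link.
SAMPLE = """<a href="https://www.bankofamerlca.com/online-banking/login">Check your funds</a>
<a href="http://login.example.net/verify">https://www.bankofamerica.com/login</a>
<a href="https://www.bankofamerica.com/help">Help</a>"""

def base_domain(url_like):
    # Last two host labels (simplification: real code should use the Public Suffix List).
    s = (url_like or "").strip()
    if len(s.split()) != 1:  # empty, or ordinary words rather than a URL
        return None
    try:
        host = urlsplit(s if "://" in s else "//" + s).hostname
    except ValueError:
        return None
    return ".".join(host.lower().split(".")[-2:]) if host and "." in host else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def check_links(html):
    """Return (href, reason) pairs for links showing either warning sign."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        dest, shown = base_domain(href), base_domain(text)
        if dest and shown and shown != dest:  # what hovering would reveal
            findings.append((href, "mismatch"))
        if dest and dest not in TRUSTED and any(
                SequenceMatcher(None, dest, t).ratio() >= 0.9 for t in TRUSTED):
            findings.append((href, "lookalike"))  # near miss of a trusted domain
    return findings
```

A clean result from `check_links` does not mean a link is safe; it only means neither of these two signs was found.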
Even if you follow these best practices and ask yourself the right questions, sometimes it’s still not possible to tell if it’s a phishing attack. Familiarizing yourself with the warning signs of phishing is the first step.
It’s important that we protect ourselves as well as educate ourselves. You should be using anti-virus software that automatically detects malware in links, emails, and messages.
Anti-virus software is an affordable tool that makes phishing emails less likely to end up in your inbox in the first place.
Another way to protect yourself is to utilize intrusion detection software. Intrusion detection software notifies you if a hacker or an unauthorized user is in your network.
Often, you can click on links without knowing they’re malicious. Hackers can infiltrate your systems without you even noticing. However, intrusion detection software monitors your system and notifies you right away of a breach.
Finally, back up your data. If you do click on a malicious link and your intrusion detection has notified you of a hacker in your network, then you want to be prepared for the worst-case scenario.
Your incident response plan should always include regular backups of all your data and information. That way, if a hacker does hold your data hostage, it won’t be the only copy.
Phishing attempts are more sophisticated than ever. As a result, the defense techniques we use should be just as strong.
aNetworks offers anti-virus software, intrusion detection software, regular backups, and data recovery plans. That way you can prevent, detect, and protect yourself against phishing scams.
Ensuring your business’s security can be daunting, but you don’t have to do it alone. Our experts provide free consults and security advice. To start, click the link below.