You may have had an encounter with a phishing (pronounced “fishing”) scam, or have heard the term. Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their sensitive data secure. Much as the name suggests, cybercriminals use legitimate-looking emails, websites, social media messages, or texts as “bait” to trick users into conveying valuable personal information. Businesses, of course, are a particularly worthwhile target.
The most common phishing attack is an email message that contains a malicious link and/or attachment. The whole premise of a phishing scam is to convince you to click on the link or open the attachment contained in the message. When you do this, the link or attachment downloads a virus or takes you to a malicious website that often looks like a trustworthy company’s website.
If the phishing email contains a link to a fake website, users are then tricked into entering login credentials, credit card information, account information, and other sensitive information that the cybercriminal then uses to take your money, steal your identity, or impersonate you.
Furthermore, if the phishing attack has a malicious attachment, by opening it you can infect your computer with malicious software. This malicious software can do several undesirable things, such as record your keystrokes, install a virus or other destructive software, or even provide an intruder with remote access to your computer.
Many people think it’s a cinch to avoid getting reeled in by a phishing scam. After all, all you need to do is avoid clicking on a link in an email or text message. How easy is that? Unfortunately, some cybercriminals are extremely good at what they do. Many phishing emails include convincing brand logos, language, and a seemingly valid email address that can fool even the most experienced users.
Here is a list of a few tactics to help you avoid getting hooked by a phishing attack:
- Be Skeptical – Never click an unexpected link or download an unfamiliar attachment, even if it’s from someone you know. Be especially distrustful of any message that requests personal information, even if the sender appears to already have some of your personal information.
- Don’t Trust the Display Name – A favorite phishing tactic among cybercriminals is to spoof (fake) the display name in the “from” field of an email. This is very easy to do, which makes it even more important to pay close attention to the email address of the sender.
- Inspect the Sender’s Email Address – Cybercriminals sometimes buy domains that are very similar to a real company’s domain name, so email messages appear to be coming from a trustworthy company. The domain name is the name following the @ symbol in an email address, and it should match the company’s website. For example, an email from joesmith@abccompany.com should be coming from the ABC Company, which can be found on the internet at www.abccompany.com. If the sender’s email address domain name doesn’t match the company’s domain name exactly, don’t open it.
- Look but Don’t Click on Links – Cybercriminals love to implant malicious links in legitimate-looking messages. You can hover your mouse over any link, without clicking, to see where it would take you. If the link address looks suspicious, don’t click on it.
- Analyze the Message – Is the email addressed to a vague “Valued Customer”? If so, watch out; legitimate businesses will often use a personal salutation with your first and last name. Also, many phishing emails are riddled with bad grammar and spelling. No legitimate company would allow this, and it is a sure-fire way to identify a fake email.
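The sender and link checks from the list above can also be automated. The following is an added example, not part of the original article: it flags a display name that claims a trusted brand from another domain, a lookalike sender domain, and a link whose visible text differs from its real destination. The `TRUSTED` set, the 0.8 similarity threshold, and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"abccompany.com"}  # assumption: domains you actually do business with

class Links(HTMLParser):  # collects (visible text, href): what hovering reveals
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def host(url):  # hostname of a URL, or of a bare "www.example.com" string
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def trusted(h):  # exact match or a subdomain of a trusted domain
    return any(h == d or h.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    msg, findings = message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not trusted(domain):
        squashed = re.sub(r"[^a-z0-9]", "", display.lower())
        for d in sorted(TRUSTED):
            if d.split(".")[0] in squashed:  # brand named in the display name
                findings.append(f"display name claims {d} but sender is {domain}")
            if SequenceMatcher(None, domain, d).ratio() >= 0.8:  # assumed threshold
                findings.append(f"lookalike sender domain {domain} (expected {d})")
    parser = Links()
    parser.feed(msg.get_payload())
    for text, href in parser.found:
        shown = host(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        if shown and shown != host(href):  # visible address differs from target
            findings.append(f"link shows {shown} but goes to {host(href)}")
    return findings

# Constructed sample message, not a real phish.
SAMPLE = ('From: "ABC Company Support" <joesmith@abccornpany.com>\nContent-Type: text/html\n\n'
          '<a href="http://login.abccornpany.com/verify">www.abccompany.com</a>\n')
```

Calling `check_message(SAMPLE)` returns all three findings. A string-similarity score only catches near-miss spellings, so an empty result does not prove a message is safe.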
It is important to note that following these 5 simple tactics will help to mitigate the risk of getting hooked by a phishing scam, but it is also important to follow other email security best practices. These include protecting your systems with a firewall, spam filter, anti-virus and anti-spyware software, and always installing security updates for both your operating system and other software.