How to Spot and AVOID Phishing Emails

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate, so beware.

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords. If you recognize these emails, delete them immediately.

Being informed about Phishing techniques and the current news relating to it is very important because new phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of getting lured in by one.

Being able to recognize these emails will lessen your chances of being compromised. Here are some tips:

  1. Email Address. This is the first thing you should look at. Criminals use two tricks when crafting email addresses. First, they’ll put a real company’s name before the “@“sign to make it look credible. Second, they’ll use a web address similar to the genuine one. Scammers will craft phishing email addresses almost (but not exactly) identical to the real addresses. Check these emails carefully to make sure they are exactly the same as the real web address.
  2. Generic Greetings. Being cautious of emails with generic greetings such as “Dear Valued Customer” or “Dear Valued Employee”. Look for poor spelling, punctuation or grammar. Scammers will go to great lengths to make their phishing emails look authentic. They’ll use an actual company logo and even the names of people who are employed at the company.
  3. Links. If a link appears within the email, hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
  4. Sense of Urgency. Phishing emails may use phrases such as “act quickly” to create a sense of urgency in order to lure their targets in. These scammers may make you feel as if you’re missing out on something. They want to pique your curiosity or exploit your fear to push you into an instant response.
  5. Name. Look to see whose name is at the end of the email. If it’s from a person, is their name in the email address and does the email address appear valid?
  6. Keep Your Browser Up-to-Date. Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. Don’t ignore messages about updating your browsers – when an update is available, download and install it.
  7. Use a Firewall. High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second option is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network.
  8. Add Antivirus. There are a number of antivirus options available to both home users and business owners. There are special signatures that are included with antivirus software which will protect you against known technology workarounds and loopholes. Remember to keep your software up-to-date since new definitions are added all the time due to scams being developed consistently. Antivirus software will scan files which pass through the Internet to your computer and prevent damage to your PC.These types of emails are just generic emails which are sent out to large groups of people, knowing that it only takes a few people to click to make the effort worthwhile to the scammers.

Hold on, there’s more…

Spear Phishing. Criminals who target specific individuals use what is called “spear phishing.” Spear Phishing emails are even more sophisticated than your run-of-the-mill phishing emails, often using personal information obtained from social media pages to make the emails appear credible. These cyber criminals might use your name or tailor the email to reflect your hobbies, interests, where you live or events that are happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, go visit the main website of the company in question, get their number and give them a call. Most of the phishing emails will direct you to pages where entries for financial or personal information are required. An Internet user should never make confidential entries through the links provided in the emails. Never send an email with sensitive information to anyone. Make it a habit to check the address of the website. A secure website always starts with “https”.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

You can also report the scam to the FBI’s Internet Fraud Complaint Center at www.ic3.gov.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Read this case study about a particularly vicious attack that Bryley remediated.

 

Additional Resources:

https://www.sec.gov/oit/announcement/notice-regarding-phishing-scam-targeting-edgar-filers.html
https://www.usatoday.com/tech/
https://apwg.org/resources/overview/avoid-phishing-scams