Phishing is the electronic version of social engineering and has found a huge market in our email-obsessed world. Hackers send fraudulent emails out to literally millions of people, hoping a few will click on the attached links, documents, or pictures, with the goal of getting recipients to willingly provide valuable private information such as social security numbers, passwords, banking numbers, PINs, credit card numbers and so on. Scammers launch thousands of phishing attacks like these every day, and they’re often successful. They also update their tactics all the time to keep up with the latest news or trends.
Are you guilty of clicking without thinking?
Typically, phishers send legitimate-looking emails that appear as though they originated from reputable companies that many people do business with, like BestBuy, Amazon, Microsoft, Federal Express, DHL, and PayPal. The emails often ask customers to confirm information or to go to the business site by clicking on a provided link, and often include a statement of impending consequences if you fail to act. The message could be from a scammer, who might:
say they’ve noticed some suspicious activity or log-in attempts — they haven’t
claim there’s a problem with your account or your payment information — there isn’t
say you need to confirm some personal or financial information — you don’t
include an invoice you don’t recognize — it’s fake
want you to click on a link to make a payment — but the link has malware
say you’re eligible to register for a government refund — it’s a scam
offer a coupon for free stuff — it’s not real
What is a common indicator of a phishing attack?
Requests for personal information, generic greetings or lack of greetings, misspellings, unofficial "from" email addresses, unfamiliar webpages, and misleading hyperlinks are the most common indicators of a phishing attack.
Here is an infographic to help recognize scams via email:
How to prevent phishing attacks?
Evaluate emails for suspicious elements, as shown above.
Do not share personal information, including passwords.
Use email security protocols.
Verify the message with the sender. Be wary of the phone number provided in the email.
Use Multi-factor Authentication (MFA).
Legit companies don’t request your sensitive information via email.
Legit companies usually call you by your name.
Legit companies send email from their own domain (for example, email@example.com) rather than from a free email account like Gmail, Hotmail or others.
Legit companies know how to spell.
Legit companies don’t force you to their website.
Legit companies don’t send unsolicited attachments.
Legit company links match legitimate URLs.
It doesn’t matter if you have the most secure security system in the world. It takes only one person to be fooled by a phishing attack and give away the data you’ve worked so hard to protect. Make sure both you and your employees understand these specific email phishing examples and all of the telltale signs of a phishing attempt.
How To Report Phishing?
If you got a phishing email, report it. The information you give helps fight scammers.
If you got a phishing email, forward it to the Anti-Phishing Working Group at firstname.lastname@example.org.
If you got a phishing text message, forward it to SPAM (7726).
Report the phishing attempt to the FTC at ReportFraud.ftc.gov.
Call Kappa Computer Systems if your company needs help with IT Support and securing your email system.