The odds are good that you deal with a lot of emails each and every day. Some are obviously spam or junk mail, while some are obviously important or relevant. But oftentimes we open up an email and we’re just not sure.
These questionable emails may contain a tone of intimacy or familiarity, like the sender has contacted you or dealt with you before, and the message could give some sort of information that may seem important on the surface. The email usually ends with a call to action and a link, which you are directed to click on in order to solve the problem the email has informed you of. If you click that link, you may be taken to an unsafe website or you may inadvertently begin downloading a file or program to your computer. You may not know it yet, but you may have just infected your computer with malware. These types of cyberattacks are called “phishing” attacks.
These emails and websites are the work of hackers or cybercriminals who create malicious sites and send emails to unsuspecting people to gain some sort of information from them, such as their login details for some other site, their bank or credit card details, or even their address and Social Security number. The website usually resembles a well-known site or carries the logo of a reputable brand that would make whoever visits the site trust it or see it as a “safe” site. Even the email they send usually has professional touches. These are some of the reasons many people fall victim to cyberattacks like these.
As the leading cybersecurity firm in our region, IT Mindshare is committed to helping organizations (and the people within those organizations) protect themselves from cyberattacks. With this in mind, in the following paragraphs we’ll help you learn to identify a phishing attack.
WHAT IS A PHISHING WEBSITE?
Before you can begin to identify a phishing website or email, you have to first understand what a phishing website is.
A phishing website is one that is built or created to look like another, like a clone of the original website owned by legitimate institutions. The site may contain the same details from the “real” site, including its interface, text copy or pictures. Also, the URL of the phishing site may resemble one that you are familiar with, making it easier for you to not suspect the site as one that is harmful.
WHAT IS A PHISHING EMAIL?
Phishing emails contain links to the phishing websites. The emails are designed to look like they come from companies or important people. Sometimes, it may even look like what came from a company that you have dealings with, like your insurance company or bank.
IDENTIFYING A PHISHING WEBSITE
There are a few telltale signs that a website is not legitimate. When you visit the website, what kind of instructions do you see? Are you told to download some important software or app? Or are you asked to input your personal information so that you can receive gifts you never asked for or won in a competition you never entered? These are hints that should raise questions about the legitimacy of the website.
If all you can see on a website is ‘Download Now’, or something similar, it is best you close the URL immediately. Spending more time on the site could even make the malware or virus download automatically. Exit these pages, then delete the history.
Also, be naturally cautious of ‘freebies’ or prizes, especially the ones you won in a game you never participated in.
Check for inaccuracies like misspellings or incorrect names. This could tip you off that the website you are in is not legitimate.
IDENTIFYING A PHISHING EMAIL
Since these phishing emails are sent in large volume, they may contain generalities, especially in the greeting. For example, you may see things like ‘Dear Member’, or ‘Good Morning’ when you are receiving the email in the evening.
Another thing to look out for is the address of the email. If the email is indeed from your bank or insurance company, then it would be sent through the address of the company, which is usually its URL (such as YourName@CompanyName.com), rather than through one of the many free emails we have today (such as firstname.lastname@example.org). An even more subtle trick is when the email address is close to the legitimate address, such as YourName@Company_Name.com. Observing that closely could let you know you have just received a phishing email.
These emails usually contain a tone of urgency, asking you to do something right away. It may say that your account is about to be blocked or that some other negative thing is about to happen in an attempt to get you to hastily click on the link attached to the email.
They will usually contain a link or an attachment. The links are not straightforward and may be longer than two lines. You may not even see the main URL. If you know the site address of your bank or insurance company, you can easily detect a fake one. The fake one may be created to seem like the real one, but a period in the wrong place or unnecessary slashes and symbols could make it easier for you to recognize it as a fake.
The most important thing is to be alert and cautious of any strange links or attachments being sent to you. You can try searching for the link with a search engine, just to see the type of results it will bring up.
PUTTING IT TOGETHER
Cybercriminals have gotten pretty savvy these days, and they are making phishing emails and websites look more and more legitimate. Employee training is the key to keeping your organization’s sensitive data out of the hands of these hackers and scammers. IT Mindshare offers a variety of cybersecurity services, including security awareness training for employees. If you would like to make your organization safer from these types of cyberattacks, contact us today.