phishing [ˈfiSHiNG] NOUN 1. The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
“an email that is likely a phishing scam”
Common Phishing Scams
Credit card
Mail Alerts that Lead to Trouble
You are probably used to receiving occasional emails from your credit card company. Most of the messages that you receive from your credit card company are probably friendly reminders and sales pitches. If you receive a message that has an unusual level of urgency, however, you should be extremely careful.
Clicking on Links in a Spoofed Email
You should never click on a link in an email from your credit card company, even if you think that it is legitimate. It only takes a few extra seconds to open a new tab in your browser, manually type in the credit card company’s URL and log into your account.
Banking
Spoof Bank Emails
One way to avoid falling victim to spoof bank emails is by looking at them closely. Never assume that such messages originate from legitimate sources. Be especially vigilant if the email requests information from you.
Spoof Bank Websites
Never follow a link to your bank’s website. Always type the URL manually into your browser’s address bar or give them a call to check on your accounts.
Email
There are many signs of a phishing email. The first thing that you should look at is the greeting. Does it use your actual name, or does it have a generic greeting? Look closely at the email’s header. What is the sender’s email address? These addresses are usually carefully designed to look authentic. By taking a very close look at them, though, you can usually see inconsistencies and things that don’t make sense. If possible, compare the sender’s email address to that of previous messages from the same company. If it’s a phishing email, you will notice things that don’t add up.
Website
Unusual Urgency
A legitimate website for a bank, credit card company or other organization isn’t going to have an air of desperation about it. You aren’t going to find urgent messages sprawling across such sites.
Poor Design
The websites of professional businesses and organizations are generally sleek and stylish. If you visit one that seems to look a little ramshackle, there’s a very good chance that you’ve stumbled upon a spoofed site.
Misspellings
Business websites typically include copy that has been written by professionals. They are not going to be riddled with misspellings and glaring grammatical errors.
Pop-Up Windows
Legitimate sites are not going to bombard you with pop-up windows the second you land on them. Everyone knows that pop-ups are commonly used to gather sensitive information from unsuspecting victims. Use a browser that allows you to block pop-ups.
**information from www.phishing.org
Would you click on this link?
The phishing email example above shows the sender’s email address has the domain name “go-daddy-file.website.” This alone should be enough to raise suspicion because it’s not from a godaddy.com email account. Another indicator can also be the website address of the link you’re asked to follow — it will not match the name of the sender.
example from https://cheapsslsecurity.com/blog/10-phishing-email-examples-you-need-to-see/
Here are 10 basic guidelines for keeping yourself safe:
1. Keep Informed About Phishing Techniques – New phishing scams are being developed all the time. For IT administrators, ongoing security awareness training and simulated phishing for all users is highly recommended in keeping security top of mind throughout the organization.
2. Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead? Most phishing emails will start with “Dear Customer” so you should be alert when you come across these emails. When in doubt, go directly to the source rather than clicking a potentially dangerous link.
3. Install an Anti-Phishing Toolbar – Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it.
4. Verify a Site’s Security – It’s natural to be a little wary about supplying sensitive financial information online. Before submitting any information, make sure the site’s URL begins with “https” and that there is a closed lock icon near the address bar. If you get a message stating a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites.
5. Check Your Online Accounts Regularly – If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too.
6. Keep Your Browser Up to Date – Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. The minute an update is available, download and install it.
7. Use Firewalls – High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network.
8. Be Wary of Pop-Ups – Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts. Many popular browsers allow you to block pop-ups; you can allow them on a case-by-case basis.
9. Never Give Out Personal Information – As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, go visit the main website of the company in question, get their number and give them a call. Most of the phishing emails will direct you to pages where entries for financial or personal information are required. A secure website always starts with “https”.
10. Use Antivirus Software – There are plenty of reasons to use antivirus software. Special signatures that are included with antivirus software guard against known technology workarounds and loopholes. Just be sure to keep your software up to date.
***Source: phishing.org
Remember there is no single fool-proof way to avoid phishing attacks.
I would be happy to talk about ways to make your business safer from phishing attacks!
Your Complete IT Solution Provider
Phone: 612-758-0949
www.Peptronics.com
CAPS LOCK – Preventing Login’s Since 1980.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com