Phishing is the practice of convincing people to hand over personally identifiable information by pretending to be a person or organization the sender is not. Here are three ways to spot a phishing scam.
Emails from banks or other financial institutions that show up in your spam mailbox telling you that there is a security problem. Usually, they will ask you to click on a link that goes to their malicious site and enter your credentials there. If you do, the attackers can use those credentials on the legitimate site to steal from you.
To determine whether the site is legitimate, place your mouse over the link without clicking and look at the lower left corner of your screen. Most operating systems and browsers will show you where the link will take you if you do this. You will most likely see a different address than the one claimed in the email. Banks and financial institutions rarely send an email regarding these types of breaches, so be cautious even if the message is not in your spam mailbox. If you think there is a possibility that there has been a breach, type the URL of your bank or financial institution directly into the web browser. NEVER trust links to financial institutions in emails.
Phone calls that claim to be from a service company or technical support organization that you don’t know. These can be from people claiming to be from the IRS, Microsoft, or any vendor that performs support services. They will ask for anything from the serial number of a device to your Social Security number, bank account number, or credit card number.
If you didn’t call them for service, don’t have a service agreement with remote monitoring, and don’t know the person personally, ask for a callback number before you provide ANY information. Even the smallest, seemingly innocuous piece of information could give someone a lead on how to penetrate your company. If you don’t know them, do an internet search of the organization before calling back. If they claim to be your service provider, you should already have contact information for them. Use those contact details, rather than the ones you are given, to ensure you are speaking to a legitimate agent.
Review any windows that pop up with offers to be sure they are legitimate. Clicking on unknown URLs that you haven’t searched for is dangerous and should be avoided. While browsing the web, you will see many legitimate advertisements as well as illegitimate ones. Read them carefully before proceeding and use the advice given in the first tip to make sure you are safe.
These are some brief security tips to share with your team. Any suspected phishing activities should be reported to your IT and/or security teams. NEVER forward a suspected phishing email. Instead, have your IT support person review it. Forwarding increases the risk that someone will click on the link in the email, with negative consequences.
For more detailed information on how to avoid phishing scams or how to mitigate the effects of one that has already taken place, contact 4 Corner IT today. We’d love to help you avoid the pitfalls of a cyber attack.