It happens all the time… you get an email that looks like it’s from a legitimate company, asking you to do something urgently. It may give you a link to sign into a website to verify a shipment or open a file that contains a purchase order that’s been awaiting billing.
Both of these represent common types of phishing attacks meant to do one thing: trick you into downloading some type of malicious script that can compromise your network in any number of ways.
76% of organizations say they’ve experienced a phishing attack in 2017.
Phishing is still the number one form of cyberattack, with 76% of companies reporting attacks just last year and nearly half of them reporting an increase in this type of attack. The average computer user receives at least 16 malicious emails per month, and some more than that.
That’s one reason our Unity IT Email Cybersecurity Team stays busy. We help companies avoid the pain, downtime, and cost of IT intrusions by hackers, scammers, and thieves. We offer a multi-pronged approach that combines employee training, offsite storage, spam control, and state-of-the-art network security applications.
One successful phishing attempt that is clicked by an unsuspecting employee can cause multiple problems for your company. And no business is immune.
Hackers send out about 156 million phishing emails globally every day. About 16 million of them make it through filters and roughly 8 million are opened by users tricked into thinking they’re legitimate.
But you can keep yourself safe by knowing how to identify a phishing attempt and teaching your staff to avoid them. Often the person opening the email is the last line of defense, and the most important one, against a potential data breach.
What is Phishing and Why is It Called That?
Phishing is the practice of sending fraudulent emails disguised as being from a reputable source with the intent to gain sensitive information or for other malicious reasons.
Phishing is a homophone of the word “fishing” due to the similar nature of using bait in an attempt to catch prey.
For example, an email purporting to be from your bank, using their name, colors, and logo, asks you to immediately log in to change your password due to some type of breach. When you click the link, the site may even mimic that of your bank. But if you log in, you’re actually giving your bank login details to cybercriminals who can then use them to gain access to your bank account.
A famous example of a phishing email that caused a notorious data breach was the one related to the Democratic National Committee (DNC). A malicious script downloaded from a phishing email ended up allowing their server to be hacked.
7 Useful Tips for Identifying a Phishing Email (Before You Click!)
Unity IT helps businesses overcome obstacles every day by delivering solid IT solutions in Fresno, Visalia, Clovis, and Madera, California. But no matter where you’re located, these seven tips just might save you from that next data breach attempt.
1. Hover Before You Click
A favorite trick of phishing email writers is to make a link look legitimate, like “www.yourbank.com/security” so you’ll click without thinking. But if you take a second to simply hover your cursor over the link before clicking, you can see the true URL revealed as a popup. This can immediately alert you to a dangerous link that doesn’t match the text.
2. Be Suspicious of Urgency
Many phishing emails will try to scare you into clicking their links or downloading an attachment before you have a chance to fully process what you’re doing. They’ll use threatening language, such as a tax issue that’s going to cost you if you don’t act right away, or other urgent language. Be doubly suspicious of any emails using these emotional tactics.
3. Question Things Out of the Ordinary
Phishing scammers are very clever, and they may even have your name in the salutation or make an email look like it’s coming from a colleague in your organization. If you’re receiving an email from someone that you don’t expect, or if anything seems a little “off,” that’s a huge phishing red flag.
4. Don’t Click Direct Links You Aren’t Sure About
If you get an email from UPS asking you to update your account and you think it might be fake but aren’t sure, don’t click the link in the email. Instead, open up your browser and go to UPS by typing the site’s name in. That way you’re covered and won’t accidentally end up on a scam look-alike site.
5. Check the Header and Email Address
Many of us have at one time or another received an email from our own address that we know we didn’t send. How does that happen? Phishing scammers often spoof an email address, but if you view the header or source in your email program, it reveals the true address the email came from.
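To show what reading the header looks like in practice, here is an added example (not from the original article) that parses a raw message and lists the inconsistencies worth checking before trusting the From line. The sample message and its `.example` domains are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_findings(raw_message):
    """List header inconsistencies to review before trusting the From line."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Envelope sender and reply address. A mismatch is a signal, not proof:
    # legitimate bulk senders often use a separate bounce domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # An address typed into the display name to mask the real sender.
    shown = domain_of(display)
    if shown and shown != from_dom:
        findings.append(f"display name shows {shown}, sender is {from_dom}")
    # SPF/DKIM/DMARC verdicts recorded by the receiving server (RFC 8601).
    # Only the copy added by your own mail server should be trusted.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} failed")
    return findings

# Constructed sample message (headers only matter here).
SAMPLE = "\n".join([
    "Return-Path: <bounce@mailer.example>",
    "Authentication-Results: mx.recipient.example; spf=pass "
    "smtp.mailfrom=mailer.example; dmarc=fail header.from=yourbank.com",
    'From: "Your Bank Security" <alerts@yourbank.com>',
    "Reply-To: help@yourbank-support.example",
    "To: user@recipient.example",
    "Subject: Urgent: verify your account",
    "",
    "Please sign in to confirm your details.",
])

if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print(finding)
```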
6. Bad Spelling and Improper Grammar
A big giveaway of a fake email is misspellings and poor grammar. While some phishing attempts are more careful than others, many scammers send out hundreds of thousands of emails to different countries and aren’t as careful with how they read, so that’s a huge flag that the email is not legitimate.
7. File Attachment Formats to Avoid
There are certain types of file formats that scammers will hide malicious scripts within. Some are more unusual, but others are more well known. It’s a good protocol to use a virus scan on any attachment before it’s opened.
Some of the attachments to avoid opening from an unknown sender are:
- .htm, .html
- .doc, .docx, .docm
- .vbs, .vb
Need a Security Training or Email Security Checkup?
How is your IT security system handling phishing threats? Are you sure you’re protected? Unity IT can help!
Get a free security review or set up a staff cybersecurity training today. Just give us a call at 559-297-1007 or contact us online.