Today we’re tackling everything you need to know about phishing, including:
Chances are you’ve encountered spam or phishing emails. It’s when criminals pose as legitimate companies and institutions online to lure individuals into providing sensitive information including banking, credit card and password information.
Phishing emails come in various forms. It might be a familiar company or service, asking for your password.
Or, it’s from someone you know, but it seems just slightly off.
For example, say you get an email from your boss asking you to pay an invoice that looks unfamiliar. Or, your coworker asks you to make an unusual purchase with the company credit card that seems entirely out of the blue.
Phishing can also come in the form of spammy links or attachments that install malware on your device when you open it.
There are two main types of phishing emails; clone phishing and spear phishing.
Clone phishing is when hackers create malicious, almost identical copies of legitimate emails from reputable sources to trick targets into unknowingly sharing their information.
Here’s an example of a clone phishing email:
There are a few signs that indicate this is a phishing email:
If you were to hover over the link (don’t click it), you’d probably see a link that takes you somewhere other than WellsFargo.com.
Don’t click the links if you’re unsure of the source. If it asks for your login information, exit the email and go directly to the site in your browser to log in.
Spear phishing is a little trickier and more difficult to detect. Instead of copying legitimate emails, spear phishing involves targeted attacks aimed at specific individuals or companies.
In spear phishing, cybercriminals carefully research your online fingerprint. They observe the websites you visit and your social media profiles to identify where you shop, recent purchases, the companies you like, where you work and who your family and friends are.
They use personal details to disguise themselves as a trustworthy source.
Here’s an example of a spear phishing email:
Here are a few indicators:
Spear phishing mails often have login links and attachments like the example above. If you click the link, it takes you to a copycat version of your standard portal — the URL of the portal will be slightly different from your usual one.
However, if you’re rushing through a busy day answering emails, these are easy details to miss.
The best defense in phishing is education — knowing what to look for and what to do if you encounter a phishing scam.
Phishing scams are highly customized. It’s difficult to spot phishing emails, especially during a busy day.
Here are a few things to look out for:
Here are some best practices to follow when you receive a suspicious looking email
At Helixstorm, we’ll help you partner on every technical aspect of your business. From support desk help to IT strategy and planning, we’ll assess your network and help you secure and optimize your IT environment at every level of your business.