BNMC Blog

Are You and Your Team Prepared to Deal with Phishing?


One of the most prevalent problems that businesses now face is the scam known as phishing. When it comes to defending against these attacks, the capability to identify phishing as such is perhaps your greatest asset. Let’s go over a few signs that a message you receive might be a phishing attack.

Why Phishing Attacks are So Dangerous

There are various factors that contribute to the risks associated with phishing attacks. One of the biggest contributors: the very low barrier to entry that a phishing scam requires of the person conducting it.

Picture a hacker for a moment. What do you see?

If you’re anything like the average user, your mind jumps to the imagery that pop culture has cultivated. A dark room, awash in a pale blue-white glow from an array of monitors, with someone hunched over a keyboard, fingers elegantly typing with the confidence of a concert pianist. While this picture has long been accepted by audiences as the way that a hacker looks, it is a fabrication.

A lot of real-life hacking has pivoted to rely on psychology more than computer sciences and programming. Instead of manipulating code, a hacker focuses on manipulating the user. Why pick a lock if you can fool someone into handing over their keys?

Unfortunately, phishing attacks are as effective as they are simple. Most users just don’t know what to look for to tell a legitimate email or website from a fraudulent one. Most aren’t even anticipating that they’ll be targeted at all.

As a result, the scenario plays out like this: a hacker sends out an email that looks as though it is from a popular bank. To the untrained eye, it seems to be legitimate, and it may have even fooled the filters the user has set up to organize their emails. This is precisely how phishing attacks work—by getting the user to believe that the email is legitimate and having them play right into the attacker’s hands as a result.

Whether a phishing email links to a malicious website or carries a malicious attachment, it is not to be taken lightly.

How to Spot a Phishing Attempt

While we aren’t trying to inspire paranoia, any email you receive could be a phishing email, which means you need to consider each one you receive. Make sure you follow the next few steps to prevent yourself from being taken advantage of.

Check the tone. Is the email you’ve received trying to elicit an extreme emotion from you? Is it blatantly urgent, asking for information about an account of yours without any reason to, or simply making a truly unbelievable offer? Attackers will often shape their phishing messages to instigate an emotional response. Stay rational.

Check any links before clicking. It is startling how much trust people will put in a link. Hackers have numerous ways to hide the actual destination of a link, many of which indicate that the link is faked… although you need to know what to look for. Let’s consider PayPal for a moment.

A legitimate PayPal link would direct to paypal-dot-com. However, if you were to add something—anything—between “paypal” and “dot-com”, the link would obviously go somewhere else. There are various other rules to keep in mind, too. For instance, the “dot-com” in the domain should be the last dot-anything and should be immediately followed by a forward slash (/).

Here’s a brief list of safe examples, and some unsafe and suspicious examples:

  • paypal.com - Safe
  • paypal.com/activatecard - Safe
  • business.paypal.com - Safe
  • business.paypal.com/retail - Safe
  • paypal.com.activatecard.net - Suspicious! (See the dot immediately after PayPal’s domain name?)
  • paypal.com.activatecard.net/secure - Suspicious!
  • paypal.com/activatecard/tinyurl.com/retail - Suspicious! (Don’t trust any dots after the domain!)
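The rules above can be applied mechanically. The following Python function is an added example, not part of the original article: it classifies the seven links from the list by comparing the link's host against the expected domain and then applying the article's "no dots after the domain" rule. The names `classify_link`, `classify_all` and `TRUSTED_DOMAIN` are illustrative assumptions.

```python
from urllib.parse import urlsplit

# The domain the article uses as its running example.
TRUSTED_DOMAIN = "paypal.com"

# The seven links listed in the article, copied as written (no scheme).
ARTICLE_LINKS = [
    "paypal.com",
    "paypal.com/activatecard",
    "business.paypal.com",
    "business.paypal.com/retail",
    "paypal.com.activatecard.net",
    "paypal.com.activatecard.net/secure",
    "paypal.com/activatecard/tinyurl.com/retail",
]


def classify_link(link, trusted=TRUSTED_DOMAIN):
    """Return 'Safe' or 'Suspicious' according to the article's rules."""
    # urlsplit only recognises the host when a scheme is present.
    if "://" not in link:
        link = "https://" + link
    parts = urlsplit(link)
    # hostname is already lower-cased; drop a trailing root dot if any.
    host = (parts.hostname or "").rstrip(".")

    # Rule 1: the trusted domain must be the END of the host name.
    # "business.paypal.com" passes; "paypal.com.activatecard.net" does
    # not, because the host really ends in "activatecard.net".
    if host != trusted and not host.endswith("." + trusted):
        return "Suspicious"

    # Rule 2: the article's conservative heuristic of not trusting any
    # dots that appear after the domain, i.e. in the path.
    if "." in parts.path:
        return "Suspicious"

    return "Safe"


def classify_all(links=ARTICLE_LINKS):
    """Map each link to its verdict, preserving the article's order."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in classify_all().items():
        print(f"{verdict:<10} {link}")
```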

Check the email in the header. The top of the email will contain the address that the email was sent from, which can give you a few hints as to how legitimate the email is. Think about it—it isn’t likely that PayPal’s email address would be paypal@gmail-dot-com, is it? Just to be safe, do a quick online search for any addresses you’re unsure about.

Check any attachments. Or, more accurately, ask yourself if there should be an attachment in the email, or any links, for that matter. It is very common for email-based threats to come in as an infected attachment, or as a link to a website that automatically installs whatever the attackers want. Don’t click it if you can help it.

Check password alerts for legitimacy. One common use for phishing emails is to steal a user’s credentials. Posing as a password alert, the email will provide a link for the user to reset their password, delivering it directly to the attacker. Navigate to the account yourself, rather than using the link, just to be safe.

If this makes it sound like you can’t really trust any of the emails you receive, it’s because you can’t, to a point. For email (and any other form of communication, for that matter) to remain useful to businesses, it must be used securely. A good spam-blocker doesn’t hurt, either.

Our IT professionals have considerable experience in attending to your business’ security, including that of your emails. To learn more about what we have to offer, give BNMC a call at 978-482-2020.

 
