BNMC Blog

Tip of the Week: Identifying a Phishing Message Before You’re Hooked

Tip of the Week: Identifying a Phishing Message Before You’re Hooked

Phishing attacks are a fashionable strategy for many cybercriminals and have been for some time. From the infamous Nigerian Prince email scam to the generic urgent message from the bank, most people have seen at least one example of phishing hit their inbox.

While these potential threats are frustrating to look out for, that is exactly what needs to be done to prevent their success. Here are five tips to help you spot a phishing attack before it is too late.

Extreme Urgency

When somebody is trying to phish you, they often rely on you panicking and not fully thinking through the message. That’s why, whenever you receive an email labelled “urgent” and written in an intimidating tone, you need to take a few breaths and consider it a little more.

There is no questioning that email is an extremely valuable communication tool, but at the same time, would it really be how you sent someone an urgent, time-sensitive message over something like a phone call?

Even if it does come in via a phone call, any message you receive should be carefully considered before you act.

Attachments

Email gives business users so much utility, but that also lumps in those who make cybercrime their business as well. Email makes it much easier for a cybercriminal to send along a malware payload, hidden inside an attachment.

Therefore, you should never click into an email attachment that you didn’t anticipate receiving, and even think twice about the ones you did expect. Many organizations—like financial institutions and the like—are favorite ruses of cybercriminals, despite the fact that these organizations will either use a dedicated solution to reach out to you or call you directly before sending along an attachment. Unless you know with confidence what an attachment contains, it is best not to click on it at all.

Spelling and Grammar Errors

Let me ask you a question: if you were to receive any kind of written correspondence from a business, whether it was an email, a letter, what have you, would you take that business seriously if it was riddled with mistakes and misspellings? Unlikely.

Businesses are generally very aware of this, and usually put forth the effort to ensure that the materials and messages they send out are carefully edited before they distribute them for this very reason. Would you trust this blog if every other sentence featured a misspelled word or misused punctuation mark?

In a phishing message, however, the individual writing it is actively banking that their reader won’t be paying too close attention, making such errors less important. While this isn’t a hard and fast rule, it is a good way to keep your business safe.

Requests for Personal Information

In a similar vein, does it make sense that a business that presumably already has your sensitive information would reach out and ask for it again via email?

No, it doesn’t, and that’s why legitimate businesses tend not to do this.

While this is also a generalization and there will be exceptions, a scammer will generally be the only party to request sensitive and personal information over email. A legitimate business will have a different tool they use to collect this data if they need it, as they need to abide by the compliance and security requirements that are likely imposed on them by some regulatory body.

Suspicious Links

Finally, we need to discuss links, particularly those that come included in a surprise email. Links are remarkably easy to manipulate, so while you may think you’re visiting another business’ website or someone’s LinkedIn page you could very well be navigating to a website intended to deliver malware, steal access credentials, or even just get you to click into some lewd content that’s inappropriate for the workplace.

Here’s a list of red flags to keep an eye out for:

  • 1)     Everyone handles their domains a little differently, but use this as a general rule of thumb:
    • a)     paypal.com - Safe
    • b)     paypal.com/activatecard - Safe
    • c)     business.paypal.com - Safe
    • d)     business.paypal.com/retail - Safe
    • e)     paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
    • f)       paypal.com.activatecard.net/secure - Suspicious!
    • g)     paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!
  • 2)     Check the email in the header. An email from Amazon wouldn’t come in as noreply@amazn.com. Do a quick Google search for the email address to see if it is legitimate.
  • 3)     Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
  • 4)     Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious. 

We hope this brief rundown helps you keep your business that much safer. For more cybersecurity and productivity best practices, reach out to BNMC at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, December 02 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.bnmc.net/

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Productivity Business Computing User Tips Privacy Email Cloud Network Security Microsoft Efficiency Software Hackers Hosted Solutions Business Workplace Tips Data Computer Malware Hardware Communication IT Support IT Services Google Small Business Mobile Devices Smartphone Internet Cloud Computing Android Mobile Device Tech Term Backup Managed IT Services Data Recovery Users Ransomware Smartphones Phishing Innovation Saving Money Outsourced IT Windows VoIP Information Upgrade communications Windows 10 Social Media Network Disaster Recovery Data Backup Cybersecurity Facebook Miscellaneous Microsoft Office Business Management Business Continuity Browser Server Office 365 Quick Tips Passwords Productivity Managed IT Services Windows 10 Managed Service Internet of Things Data Management Analytics App Gmail Collaboration Word Save Money Vulnerability Remote Monitoring COVID-19 Gadgets Apps Remote Work Infrastructure Mobile Office Artificial Intelligence Conferencing Money Encryption Chrome Managed Service Provider Government BYOD Company Culture Display Website Tip of the week IT Support Spam Remote Workers WiFi Employer-Employee Relationship Networking Information Technology Virtual Reality Access Control Google Drive Settings VPN Applications Paperless Office Router Virtual Private Network Apple Computers Education Unified Threat Management YouTube Storage Risk Management Office Tips Firewall Hacker Data storage Maintenance Avoiding Downtime Employee-Employer Relationship Document Management Robot Antivirus Development Big Data Operating System Automation End of Support HIPAA BDR IT Management Data Security Content Filtering Bandwidth Business Technology Going Green Wi-Fi Touchscreen Compliance Business Intelligence Virtualization Managed IT Holiday How To Tablet Data loss Printing Telephone Systems iOS Retail Alert Regulations desktop Password Augmented Reality MSP Two-factor Authentication Managing Stress Managed Services Monitors Managed IT Service Vendor Management Customer Relationship Management Laptop Scam Chromebook The Internet of Things Computing Outlook OneNote Wireless Bring Your Own Device Solid State Drive Break Fix LiFi Search Social Data Breach Hosted Solution Downtime Humor Windows 7 IT Training Mobile Security Marketing Best Practice Software as a Service Remote Computing Social Network Hard Disk Drive Administration Mouse SaaS Server Management IT solutions Digital Signage Data Warehouse Hotspot Internet Exlporer Procedure Google Maps SharePoint Google Docs Entertainment Writing Vendor Distribution Microsoft Excel Connectivity Halloween Techology Shortcuts Mobile Management IT Technicians Optimization Smart Technology Hacks Monitoring Solid State Drives Lenovo Google Wallet Streaming Dark Data Processor Update Staff Leominster Reviews Statistics Bitcoin Employee-Employer Relationships Modem FinTech Payment Card Blockchain Troubleshooting Business Analysis Language Value PCI DSS Downloads Business Growth Hybrid Cloud Logistics Mail Merge IoT Digital Payment VoIP Scary Stories Unified Threat Management Legal Security Cameras Profiles Mirgation Recycling Shortcut Distributed Denial of Service Spying National Security Politics Digital Firefox Running Cable Superfish Unified Communications Drones Human Error Customer Service Memory K-12 Schools Remote Meetings Disaster Bluetooth Comparison Windows 8 Analysis Students Work/Life Balance Cookies Inventory Address Permissions Virus Health Private Cloud Computing Infrastructure Professional Services Battery Buisness Scalability Office Samsung Social Networking Asset Management Tech Support Star Wars Peripheral Sports User Error Deep Learning Utility Computing Chatbots eWaste Patch Management Virtual Desktop Mobile Device Management Updates Shadow IT Spyware Device Reducing Cost Wearable Technology Network upgrade Uninterrupted Power Supply Specifications Mixed Reality Nanotechnology LED Threats Alerts USB Files File Sharing Heating/Cooling Multi-Factor Security Alt Codes Migration Social Engineering Consulting Motherboard Cables Memes Computer Care IBM Websites Fraud Cost Management Management Time Management Printer Laptops Twitter Identity Continuity PowerPoint Gamification Identity Theft Budget Mobility Batteries Smart Office Black Friday Screen Reader Charging Cybercrime Emergency Co-Managed IT Licensing Dongle RMM Servers Google Calendar Typing Safety Wires Corporate Profile Current Events Onboarding GDPR Assessment Policy Automobile Network Management Managed Services Provider Solar G Suite Dark Web Print Toner Network Congestion Myths Work Dell Cyber Monday Slack Hard Disk Drives Smart Tech Content Huawei Cooperation Service Level Agreement Banking Cabling Legislation Cryptocurrency Messaging Voice over Internet Protocol Holidays WannaCry Machine Learning Administrator Processors Taxes IT Budget Web Server what was your? Unsupported Software GPS Computer Repair Relocation IT Consultant Cameras Mobile Data Recovery How To Tracking Printers Cleaning Black Market CCTV user treats Webcam Law Enforcement Electronic Medical Records Notifications Physical Security Error Mobile Computing Emoji Point of Sale Ben McDonald shares Upgrades Gadget Financial Travel Crowdsourcing Personal Information Botnet Supercomputer CrashOverride Cortana 3D Printing Regulation Motion Sickness Staffing

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3