You’ve heard the term “Phishing” and we’ve warned you about phishing scams, but what exactly is it? As Cyber Security Awareness Month comes to a close, we’d like to give you some information and share tips for staying safe and secure online so you can #BeCyberSmart.
What is a phishing scam?
Phishing scams are nothing new; in fact, they’ve been around ever since the creation of email. Scammers usually impersonate legitimate businesses to try to trick you into revealing sensitive information. Phishing scams can arrive through emails, phone calls, and/or text messages. They might ask you to verify a payment method, to fill out a survey for a chance to win a prize, or to click on a link or attachment. These cyber attacks then proceed to infect your machine with malware and viruses in order to collect personal and financial information.
Phishing campaigns typically come in the form of:
- Malicious links
- Malicious attachments
- Impersonation of a familiar business or person you may know
What does a phishing email scam look like?
- The image above is an email that looks like it’s from a company you know and trust.
- The email asks you to click on a link to update your payment method.
- The dead giveaway for knowing that the email above is spam is to look at the sender’s email address. Although it says it’s from Netflix, the email address is clearly not from Netflix.
How do I spot a Phish?
There are a few things you can do to check and see if an email is from a scammer.
- Check The Sender: Look at the email address of the sender. The name may say “Netflix”, but if you look at the actual email address you may be able to tell if it’s spam. If the email claims to be from a business but the email address is on a public email domain such as “@gmail.com” or a funny-looking domain such as “@notice-access-34563.com”, then the email is most likely spam. Also make sure you check the spelling of the domain name. Hackers will often misspell the email’s domain name in the hope that you see a familiar-looking URL.
- Misspellings or poorly written email: You can often tell if an email is a scam if it contains poor grammar and/or misspelled words.
- Search The Web: If you aren’t sure whether the email is from a scammer, you can do a quick internet search. Google the exact wording of the email or message to check for any references to a scam. If you have received a scam email, chances are, so have many other people. Someone has most likely blogged or written about the scam to warn others.
For more information on Phishing or for some more tips view this PDF from the Cybersecurity & Infrastructure Security Agency website.
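The “Check The Sender” tip above can also be automated for a mail filter or a triage script. The following is an added example, not code from the original post or from Devfuzion; the brand allow-list, the public-domain list and the sample From: headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list: brand name -> domains the brand really sends from (constructed).
BRAND_DOMAINS = {"netflix": {"netflix.com"}}
# Assumed list of public mailbox providers (constructed, not exhaustive).
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no sender address found"]
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    for brand, real in BRAND_DOMAINS.items():
        # The real domain and its subdomains are accepted as-is.
        if any(domain == d or domain.endswith("." + d) for d in real):
            continue
        if brand in name.lower():
            warnings.append(f"display name says {brand} but address is @{domain}")
        if any(0 < edit_distance(domain, d) <= 2 for d in real):
            warnings.append(f"@{domain} looks like a misspelling of a {brand} domain")
    if domain in PUBLIC_DOMAINS:
        warnings.append(f"@{domain} is a public email domain")
    return warnings


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Netflix <info@mailer.netflix.com>",
    "Netflix <billing@notice-access-34563.com>",
    "Netflix Support <netflix.help@gmail.com>",
    "Account Team <support@netflx.com>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_sender(sample) or "no warnings")
```

An empty result only means none of these three checks fired; the other tips in this section still apply.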
What do I do if I spot a Phish?
Do Not Click: If you spot a phishing email or an email that you think might be from a scammer, the first rule is to not click on anything. Avoid opening links or attachments or replying to the sender with any sort of information. We suggest you delete the email or mark it as spam.
Pick Up Your Phone: When in doubt, call the sender. If you receive an email from a friend or local business but you weren’t expecting any links or attachments from that person, the best advice we can give you is to simply call your friend and double-check that they sent you an email.
Contact Devfuzion for email protection. We offer many levels of email protection and training; some of our products can protect and/or train your staff for as little as $2 per user per month.