How To Spot Phishing Scams

Before you open that attachment, think, or you may fall prey to a phishing scam.

‘But what does “phishing” even mean?’

Phishing (also known as “spoofing”) is analogous to real-life fishing, only the bait is usually an email attachment, and you are the fish. For this reason, today’s entry is designed to help you spot phishing scams. Hackers carefully (and sometimes not so carefully) compose content to trick you into opening files and/or websites in order to deliver a virus payload.

Examples of this are aplenty, but the most common entry points are out-of-date websites (i.e., not routinely updated with the latest security patches) that are infected and then masquerade as legitimate websites. Some of these fake sites are quite difficult to discern from their authentic counterparts.

Spot phishing scams: Outlook Scam Email

Another common phishing tactic is found within email messages. The attackers will craft a message that bears logos and insignia of major companies or governmental organizations, often paired with a provocative call to action like ‘Important information about your tax return’ or ‘Your package could not be delivered’.

Spot phishing scams: Fake USPS Email

The attack then requires the recipient to open or download an attachment in order to uncover additional details. Upon opening the attachment, and without a strong endpoint security solution, your computer and possibly every online account belonging to you can be compromised.

How can I spot phishing scams?

The answer to this question is simple: the best defense is a better offense. There are several ways to spot phishing scams. Most often, suspect emails will contain at least two glaring typos and poorly composed sentences, although attackers are becoming more adept every day.

Another useful measure is to ensure both that you recognize the sender of an email, and that its domain (the stuff after the ‘@’ symbol) matches the company or entity described in the subject and/or body.

Spot phishing scams: Fake Microsoft email.

Look carefully! The sender name reads “microsoft team.”. Not only are there errors in letter case, but there is also an errant punctuation mark. The most glaring of these errors is that the highlighted “mailed-by” section does not show “Microsoft”. These are hallmarks of phishing scams.
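The same sender check can be automated on a saved message. The Python sketch below is an added example, not part of the original post: it compares the brand named in the display name or subject against the From domain and the Return-Path domain (assumed here to be what the “mailed-by” field reflects). The brand list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed brand-to-domain map for illustration; maintain your own list.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}, "usps": {"usps.com"}}

def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return warnings when a claimed brand does not match the sender domains."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    from_dom = domain_of(msg.get("From"))
    mailed_by = domain_of(msg.get("Return-Path"))  # envelope sender
    warnings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue
        if not matches(from_dom, allowed):
            warnings.append(f"claims {brand}, From domain is {from_dom or 'missing'}")
        if not matches(mailed_by, allowed):
            warnings.append(f"claims {brand}, mailed-by domain is {mailed_by or 'missing'}")
    return warnings

# Constructed sample messages (not real mail).
SUSPECT = ('From: "microsoft team." <support@account-alerts.example>\n'
           "Return-Path: <bounce@mailer.example>\n"
           "Subject: Unusual sign-in activity\n\nOpen the attachment for details.\n")
LOOKALIKE = ("From: Microsoft <help@microsoft.com.billing.example>\n"
             "Return-Path: <help@microsoft.com.billing.example>\n"
             "Subject: Invoice\n\nSee attached.\n")
LEGIT = ("From: Microsoft account team <no-reply@mail.microsoft.com>\n"
         "Return-Path: <bounce@mail.microsoft.com>\n"
         "Subject: Your monthly statement\n\nHello.\n")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, check_sender(raw) or "no sender mismatch found")
```

An empty result only means the sender domains are consistent with the claimed brand; it does not prove the message is safe.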

While many means of unmasking and protecting against these scams exist, your first line of defense is a well-trained eye. So we’ve included a link to a FREE Phishing Test to aid in your training.

This test is completely free, and 100% safe. We recommend this test to everyone, including existing and future clients.

Click here to take the Phishing IQ Test, courtesy of SonicWall.

Stay safe!
