Phishing is one of the most persistent threats to network security. In 2019, 65% of U.S. organizations experienced at least one successful phishing attack, 10 percentage points above the global average.
Phishing emails remain the number one cause of data breaches and malware infections for businesses in North Carolina and the rest of the world, yet only 49% of American workers can correctly define what phishing is.
That knowledge gap is one of the reasons why companies still find themselves victims of phishing attacks even though they may have some network security protections in place.
Understanding what phishing is and how to identify it is vital to protecting yourself from a costly data breach or ransomware attack.
What is Phishing?
The term “phishing” is a play on “fishing”: the attacker casts out bait and waits for someone to bite. The “ph” spelling was borrowed from “phreaking,” the older slang for telephone-system hacking. In a phishing attack a scammer is trying to trick as many users as possible with the same bait. The bait is a file attachment that installs malware on the user’s device, a link to a malicious website that performs a “drive-by” download of malware, or a link to a fake login page built to steal a username and password or other sensitive information.
Phishing emails are designed to look like trusted emails, with the specific purpose of fooling a user into taking one of the actions mentioned above. Two decades ago, a phishing email might have been a text-only message from a fake “Nigerian Prince,” but today they are far more sophisticated.
Often it is hard to tell a phishing email from the real thing at a glance, because attackers copy the logos, layouts, and signature blocks of legitimate companies such as UPS, AT&T, or Microsoft.
Attackers can also compromise an Office 365 or other email account and send phishing emails from a colleague’s legitimate address. Because the message really does come from that account, it passes the usual sender checks, and it usually says something brief like, “Hey, I thought you’d like to see this,” followed by a malicious URL.
Again, the goal is to trick you into trusting the bogus email and taking an action that’s going to result in a malware infection, stolen login credentials, or another type of harmful activity.
Phishing scams come in all shapes and sizes. Here are some of the most common ploys you’ll see:
- Tracking email with link
- Email warning that a service is going to be stopped
- File sharing link
- Bills from well-known retailers (like Amazon)
- Bank notification
- Social media alert
Phishing also comes in several forms:
- Email (the most common)
- Social media direct message (becoming more popular)
- Messaging apps (like WhatsApp)
- Text message (often called “smishing”)
- Phone call (the oldest form, now called “vishing”; it used to simply be called a scam call)
Tips to Spot and Avoid Phishing Emails
Telling phishing emails apart from legitimate ones can be difficult, but there are some telltale signs that users can look for to spot the fakes, and some habits that help them avoid being taken in by a phishing scam.
Hover Over Links Instead of Clicking Them
Most phishing emails use links rather than attachments, because a link carries no malicious file for antivirus software to inspect. Hover over the link with your cursor instead of clicking it: the email client shows the real destination, which often has nothing to do with the company the scammer is pretending to be. Judge the link by the domain in that destination, not by the visible text, since the visible text can say anything (it can even be a different, legitimate-looking URL). On a phone, where there is no hover, a long press on the link usually shows the same preview.
Poor Grammar and Spelling Errors
While these are less common than they used to be, spelling errors and poor grammar can still be a dead giveaway of a phishing email. Often the errors are subtle: one or two words in a paragraph that sound “off,” or a greeting that does not match how the sender normally writes.
Emails Asking You to Validate a Login
If you get an email out of the blue from your bank asking you to “validate your login,” there is a good chance that it’s a phishing email. Don’t be taken in by a spoofed page that looks just like the real sign-in form. These fakes are easy to create, and attackers register domains that are only a character or two off from the real one, or that tuck the real brand name into a subdomain of a site they control.
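The checks described above under “Hover Over Links Instead of Clicking Them” and in this section (does the link’s real destination match what the text shows, and is the domain a look-alike of a known brand?) can be automated. The following is an added example written for this edit, not RCOR’s code or a feature of any product mentioned on this page. It pulls every link out of an HTML email body and flags the warning signs a careful hover would reveal. The brand list, the sample message, and its domains are constructed for illustration (they use the reserved .example suffix, a documentation IP range, and a made-up punycode label), and the registrable-domain logic is a simplification that ignores the Public Suffix List.

```python
"""Automated version of the "hover over the link" check.

Added example, not RCOR's code. Brand list, sample email and its domains
are constructed; registrable_domain() skips the Public Suffix List.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brands a phisher is likely to impersonate (constructed list).
KNOWN_BRANDS = sorted({"ups.com", "att.com", "microsoft.com", "fedex.com", "amazon.com"})

# Constructed sample body: .example and 198.51.100.0/24 are reserved for
# documentation, and the xn-- label is invented, not a real domain.
SAMPLE_EMAIL = """
<a href="https://www.ups.com/track?tracknum=1Z999">Track your package</a><br>
<a href="http://ups.com.tracking-update.example/login">https://www.ups.com/track</a><br>
<a href="https://xn--micrsoft-k1a.com/verify">Verify your Microsoft account</a><br>
<a href="http://198.51.100.23/att/bill">View your AT&amp;T bill</a><br>
<a href="https://micros0ft.com/login">Sign in</a>
"""

DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname: 'login.ups.com' -> 'ups.com'.
    Simplification: a real tool should use the Public Suffix List so that
    names like 'bank.co.uk' are reduced correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance; catches typosquats such as 'micros0ft.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_link(href, text):
    """Return the reason codes that make a link suspicious (empty = looks fine)."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return reasons  # mailto: and relative links are out of scope here
    if IPV4_RE.match(host):
        return ["ip-literal"]  # real brands do not link to bare IP addresses
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode")  # internationalised label, homoglyph risk
    actual = registrable_domain(host)
    shown = DOMAIN_RE.search(text)
    if shown and registrable_domain(shown.group(1)) != actual:
        reasons.append("text-mismatch")  # visible text names a different site
    if actual not in KNOWN_BRANDS:
        for brand in KNOWN_BRANDS:
            if "." + brand + "." in "." + host + ".":
                reasons.append("brand-in-subdomain")  # e.g. ups.com.evil.example
            elif edit_distance(actual, brand) <= 2:
                reasons.append("lookalike")  # one or two characters off
    return reasons


def scan_email(html):
    """Map every link in an HTML body to its list of reason codes."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return [(href, assess_link(href, text)) for href, text in extractor.links]


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL):
        print("SUSPICIOUS" if reasons else "ok", href, ", ".join(reasons))
```

Run as a script, it prints one line per link; only the first (a genuine www.ups.com tracking link) comes back clean. The other four are each caught by a different check: the visible text says ups.com but the destination is a .example site with the brand buried in a subdomain, an xn-- label that a mail client would render as look-alike Unicode, a bare IP address, and a one-character typosquat of microsoft.com. None of these checks is conclusive on its own, which is why the manual advice stays the same: read the domain, not the text.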
Something that Sounds Too Good to Be True
A recent phishing scam targeting Office 365 users sent an email pretending to be from the company’s Human Resources department, promising a raise and asking the recipient to look at an attached salary spreadsheet. The Excel file did nothing but redirect the user to a fake sign-in form built to steal their password.
If something sounds too good to be true, there’s a good chance it’s a scam.
Type Websites in Directly
If you’re afraid that the FedEx tracking notification you just received might be real and you don’t want to simply ignore it, open your web browser and type the company’s address yourself, then look up the tracking number there, rather than clicking the link in the email.
Be Suspicious of Anything Unexpected
If you receive a purchase order from a company you’ve never heard of, you might rush to open the attachment hoping for a sale, but there is a high likelihood that the email is fake and the attachment contains malware.
Be suspicious of any email you’re not expecting or anything that seems out of the ordinary. If you receive a curious email from a colleague, contact them through a separate channel (a phone call or chat message, not a reply to the email) before taking any action, and ask whether they really sent it.
Backstop Users with Solid Web Protection and Anti-malware
Phishing scammers count on the fact that humans make mistakes, which is why phishing is such an effective tactic. You can backstop your users by signing up for a Managed Services Plan with RCOR.
All our plans include:
- Next generation antivirus
- Next generation anti-malware
- Web protection that blocks known harmful sites
- Proactive network monitoring and protection
Defend Your Network from Phishing with RCOR
Don’t become the next victim of a phishing attack, take steps now to protect your network and devices.
Sign up for a managed services plan today by calling 919-263-5570 or contacting us online.