Posted by Eric O. Schueler, Senior V.P. of Information Technology
Phishing emails aren’t new, but they are getting more creative and sophisticated. Phishers go to great lengths to create legitimate-looking emails from companies you know and trust in order to snag your information. In light of recent phishing attacks, here are a few tips to help you identify when an email is fake.
5 Ways to Identify a Phishing Email
Last week Google users were duped by a phishing email claiming to share a Google Doc. If you are familiar with Google Docs notifications and requests, you’ll know these are regular emails you may receive when someone creates a document they want to share with you. The phishing email created a convincing replica of that email, making it appear the link was taking you to Google Docs. Instead, the link prompted victims to log-in to view the document. This incited unsuspecting victims to give up their log-in credentials. Google has since stopped this particular phishing attack, but new phishing scams are created regularly. Another series of recent phishing emails appeared to come from Netflix. Netflix has been a target of several phishing scams, so often that they’ve created an email account for you to report phishing emails. They even have a section on phishing in their help center, telling users that Netflix will never request social security numbers, payment information or account passwords over email.
Businesses, in particular, have to be wary of phishing emails. Sometimes the links lead to malware and can damage your computers and network. Employees may unwittingly give up confidential business information. Sometimes these emails appear to come from financial institutions or government agencies and any information shared can be costly to your company. It is important to train your employees on how to identify these emails.
Here are 5 ways to identify an email as a phishing email:
- The URL destination does not match the company name. If you get an email from a company like Netflix, the url should have Netflix.com in it. If you scroll over a hyperlink with your mouse or finger and preview the link’s url, it should match the text of the hyperlink. Remember, anyone can create a link that displays Netflix.com but the url it will direct you to will be an entirely different url.
- Legitimate companies will not ask for your information over email. Never give your social security number, payment information or account password. Should a business request that you change a password, a surefire way to know you are going to a real website and not a fake website that phishers have gone to great lengths to imitate, is to simply type the company’s url in your browser without following the link.
- The message contains misspelled words or poor grammar. Corporations aren’t very likely to send out poorly spelled emails with a lot of errors. This is a huge red flag. Do not trust emails with errors.
- Emails that request immediate action or urgent response are often phishing emails. If you think a company or organization has legitimately contacted you, call the number listed on their website or log into your account by entering in the url yourself, rather than clicking the email link.
- Emails with generic greetings can be phishing emails. Companies you do business with will address you by name. Phishing emails often address you with a generic heading, such as “Dear customer.”
Sometimes, even these safety measure fail us. The Google attack was so successful because the phishers did not use a generic greeting and the document appeared to come from someone on your contacts list. It also looked like a legitimate site as https safety icons gave it a green checkmark instead of a red x. The red flag was that the link sent you to a firstname.lastname@example.org address and asked for log-in credentials.
The lesson here is that you should always look over emails with suspicion and never log-in or give up any information from an email link, no matter how reliable it looks.
Hampton Roads Communication Technologies (HRCT) is an IT and business telephone company, providing businesses network virus protection and removal, spam and email filtering, cloud computing and an array of business IT and computer services. If your business is in need of IT support or managed services, call 757-399-3350.
Posted by Eric O. Schueler, A+, MCP, MCSE, MCTS, CSSA, ACSP – Senior V.P. of Information Technology at HRCT. Eric has been in the business of providing IT and consulting for small and medium business for more than 15 years.
Hampton Roads Communication Technologies (HRCT) provides quality business telecommunications solutions, like Office 365, computer and IT support and managed service agreements to companies and organizations throughout the United States, Mid-Atlantic and the Hampton Roads Virginia cities of Virginia Beach, Chesapeake, Norfolk, Portsmouth, Suffolk, Newport News and Hampton, north into Williamsburg and south into the Outer Banks of North Carolina. HRCT keeps your company connected with 24/7 emergency service.
Call today. (757) 399-3350
Sources: techrepublic.com, websitemagazine.com
Images courtesy of FreeDigitalPhotos.net by David Castillo Dominici (phishing hook) and Stuart Miles (phishing hacked)