How to Recognize and Prevent Phishing Attacks
Year by year, businesses are moving towards being more digital than ever. As technology improves, nearly every aspect of a business can be done digitally. From communication in the form of digital meetings and email, to collaboration using cloud-based services and version control software, the internet has changed our professional lives forever. Unfortunately, while the use of technology has increased, so has the number of cyber attacks and scams. One of the most common cyber attacks that nearly every business experiences is phishing.
What is Phishing?
To put it simply, phishing is the act of trying to acquire someone’s personal information typically using email and fake links. The idea is to pose as something important or official and get the target to click on a disguised link that brings them to a malicious website that asks for sensitive information. This information could be bank accounts, usernames and passwords, social security numbers, and more. Phishing comes in several forms: regular phishing, spear phishing, and whaling.
The difference between regular phishing and spear phishing or whaling is that regular phishing is generally not a targeted attack. The attacker will send out hundreds or thousands of phishing attempts, playing the numbers game in the hope of catching someone who is not paying attention. Spear phishing and whaling are targeted attacks that attempt to retrieve information from a higher-up target such as a company executive.
How Do You Recognize a Phishing Attempt?
Phishing attempts can be easily recognized if you pay attention. Here are some ways to recognize you are a target of a phishing attack:
- You don’t recognize the email address or it looks fake
When you receive an email to your personal or business email accounts, double check every email address that reaches out to you. For example, suppose you are contacted by your bank about needing to update some personal information on your account, but the bank email address has an extra letter compared with what you usually see, or it uses a capital “I” in the place of a lower-case “l” or vice-versa. If you see something off with the email address, immediately delete the email and block the account.
- The email contains a lot of typos or poor writing
Another way to recognize a phishing attempt is to notice that the email is written poorly and contains improper grammar or typos. If you are receiving an important email from a bank or your boss, the email will likely be written professionally and proofread before it is sent to you. An email containing many mistakes is likely to be illegitimate and require further investigation.
- You are asked for your personal information
In almost all cases, you will never be asked for personal information over email. Occasionally websites will ask you to confirm your account by clicking a confirmation link sent to your email after signing up, but they do not require you to manually enter in your information. If you encounter an email that either asks you outright for your personal information, or links to a website that asks you to type in your information, it is likely a scam. As previously mentioned, in these cases the URL you are being asked to click on will likely have some subtle differences between an official website and a malicious one.
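The lookalike-address tells described above (an extra letter, or a capital “I” standing in for a lower-case “l”) can also be checked mechanically. The following Python code is an added example, not part of the original article; the trusted-domain list, the function names and the sample addresses are constructed for illustration.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED_DOMAINS and every sample address here are constructed placeholders.
from email.utils import parseaddr

TRUSTED_DOMAINS = {"examplebank.com", "example.org"}

# Characters that are easily mistaken for one another by eye.
# Folding must happen BEFORE lower-casing, or "I" would become "i".
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def skeleton(domain):
    """Fold visually confusable characters, then lower-case."""
    return domain.translate(CONFUSABLES).lower()


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return (verdict, trusted_domain_it_resembles) for a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    if not domain:
        return ("unparseable", None)
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", domain.lower())
    for trusted in sorted(TRUSTED_DOMAINS):
        # Looks identical once confusable characters are folded (I vs l).
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike-characters", trusted)
        # One letter added, dropped or swapped (the "extra letter" case).
        if edit_distance(domain.lower(), trusted) <= 1:
            return ("lookalike-edit", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    for header in ('Example Bank <alerts@examplebank.com>',
                   'Example Bank <alerts@exampIebank.com>',
                   'alerts@examplebannk.com'):
        print(header, "->", check_sender(header))
```

A "trusted" verdict only means the domain string matches the list; it says nothing about whether the From: header itself was forged.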
What Do You Do If You Have Been Phished?
Unfortunately, the reason phishing attacks are still so prevalent is that they work. No matter how careful some people are, they can still fall victim to an attack. So what do you do if you clicked a link in your email, entered your bank account information, and then realized afterwards that it wasn’t legitimate? The first thing you want to do is change your passwords.
Any account that shares a password with the one that has been phished needs to be changed as well. Contacting the business that has been imitated and letting them know what has happened can go a long way in preventing others from being victims as well. Finally, relax and take a step back to think over what you could have done better to recognize the phishing attempt. Apply that information going forward and you will never have to worry about having sensitive information stolen in this way again.
Using the above information can go a long way in helping you avoid being a victim of phishing attacks in your personal and professional life. As our reliance on technology increases, so will the number of cyber crimes attempted. If you’re looking for more information on information security, contact us today.
Eric is a Business IT cybersecurity advisor, consultant, manager, integrator, and protector who founded EVERNET in 2007. Eric co-hosts a podcast called “Finance and Technology Insights by Brian & Eric” on YouTube. Eric is a regular contributor to the EVERNET blog, writing about the latest technology news and providing his expertise in cyber security prevention and management.