Why do cyber criminals use phishing as their go-to method of hacking? Because it works. Phishing is the #1 cause of data breaches worldwide. According to security expert Dr. Anup Ghosh, “Almost every breach you read about happens through phishing, and the weak link is the human behind the keyboard.”
Secant’s Service Desk and VCIO have also witnessed an uptick in phishing threats. Before a cyber criminal fools you or someone in your organization, we want to share a few helpful tips.
Hover before you click
Just because a link may look familiar, doesn’t necessarily mean that’s where your browser is going if you click it. For example, want to do some shopping at Amazon.com? Go ahead, click on it. Where does that take you? Not Amazon. A cyber criminal could just as easily have led you into their trap with a misleading hyperlink.
Most email platforms and browsers will show you where the link will take you if you hover over it. If you don’t trust the URL, don’t click it.
Consider the legitimacy
We can joke about the “foreign prince wants to give you millions” emails from the early 2000s because that scam has been played out. Since those days, scammers have gotten smarter. The emails look more authentic and their story lines are more believable. So you have to use context clues to determine their legitimacy.
- Do I know the person or company sending me this email?
- Am I expecting an invoice from this organization?
- Does the sender’s email address exactly match the company’s official domain name? For example, is the email coming from “amazon.com” or is it coming from another domain. Scammers often use look-alike domains or subdomains.
Those are huge red flags if you answered “no” to any or all of those questions.
Confusing email display names
Be wary of confusing email display names. These are the text fields used to display the sender’s first name and last name. That text field can include any text, including a phony email address that is designed to confuse you into thinking it is the sender’s email address. In Outlook and other email programs, the sender display name and sender email address are displayed consecutively. So you might see an email showing the sender information like this:
From: Bob Smith <firstname.lastname@example.org> [email@example.com]
It is the last email address that is the sender’s email address. The section before is just the display name text field, which can be populated with any information the sender wants to use.
We’ve all been known to make a mistake in spelling or punctuation from time to time. But a common trend among phishing emails are error-ridden communications. What are the odds that a corporation’s communications team spells a word wrong or uses the wrong version of “they’re/there/their”? Very low. What are the odds these types of errors have made their way throughout the entire email without getting fixed? Smells phishy, doesn’t it? It should.
Do you believe you’ve been compromised?
There are third-party sites that can search if your credentials are available on the dark web. Have I Been Pwned? offers free and valuable resources for end users and security professionals pertaining to data breaches.
Keeping these three tips in mind should help you combat 90% of the phishing out there. But cyber criminals are savvy and always attempting to stay ahead of the curve. Secant’s digital security experts have industry certifications and the relevant experience to help you protect your organization. With services and solutions like SiteCare 360°, Email Defender, and Sophos Phish Threat, you can trust Secant to help you navigate the increasingly daunting security landscape.