Over the last few years, phishing incidents have been on the rise, playing havoc with many small businesses and individual users. Even large businesses can be a target. The only way for a computer user to avoid these threats is to recognize a phishing email/phone call and know what to do (or not do).
To understand what these threats are let’s start with the basics:
What is Phishing?
Phishing is an attempt to get someone to give up sensitive information such as a username, password, or credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. These requests for information can come in the form of phone calls, but are most often received in emails with requests to open an attachment or log in to a specific website.
Recognizing phishing email messages, links, or phone calls
Phishing email messages, websites, and phone calls are designed to steal money. Typically, cybercriminals bait the unsuspecting recipient with an attachment to an email message or send them to a website to confirm their personal account information. Either way, they use the bait to install malicious software on your computer that can open your computer up to their probing. In addition, many of these malicious emails can install a stealth keystroke logger that will allow the criminal to steal your keystrokes and personal information off of your computer. Cybercriminals can also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses.
What does a phishing email message look like?
A phishing email often looks very real. The scammers may use a similar copy of a logo of a legitimate business to get you to do what they want. Take a look at this example of a phishing email message.
How can I tell if a message is a scam?
Be suspicious. If an email asks you to log in directly from a link when you have not asked for something from the company, don’t. Investigate if you are not sure. There are some tell-tale signs that a message may be a phishing attempt:
- Spelling and bad grammar - Cybercriminals are not known for great grammar and spelling skills. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like the one above to go out to its users/employees. If you notice obvious spelling or grammar mistakes in an email, there is a good chance the message is a fake and/or malicious.
- Beware of links in email - If you see a link in a suspicious email message, don't click on it. Point to the link with your mouse (what we call hover), but do not click. Verify that the address that pops up matches the link that was typed in the message. Many times if you look closely at the email address, you will discover that the domain name (email website address) is very close to, but not exactly, the name of the legitimate message sender. Be suspicious of the sender’s email address. In the example above, you will notice the email address is really a Gmail account, not a Lehigh University email account. In addition, the links within the message might lead you to install .exe files. These kinds of files are known to spread malicious software both on your computer and throughout the network your computer is connected to. It does not matter if you are on a business or personal home network. Scammers can take advantage of you on either.
- Threats - Cybercriminals often use threats that your security has been compromised. They may even threaten that your account will be closed or you will be sued or fined if you don't respond to an email message as asked.
- Incorporating graphics or art from popular websites or companies - Scam artists will often use graphics that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.
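The link and sender checks from the list above can also be automated by a mail filter or help desk. The following is an added example, not part of the original article: it flags a sender outside the expected domain, link text that shows one address while pointing to another, and links to .exe files. The domain names, the sample message, and the `expected_domain` parameter are constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False

def host(value):
    """Lowercased hostname of a URL or bare domain, without 'www.'."""
    name = urlparse(value if "//" in value else "//" + value).hostname or ""
    return re.sub(r"^www\.", "", name.lower())

def check_message(from_header, html_body, expected_domain):
    """List the warning signs from the article found in one message."""
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        findings.append(f"sender domain {sender} is not {expected_domain}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        text = text.strip()
        # Compare only when the visible text itself looks like an address.
        if (re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I)
                and host(text) != host(href)):
            findings.append(f"link text {text} points to {host(href)}")
        if urlparse(href).path.lower().endswith(".exe"):
            findings.append(f"link leads to an executable on {host(href)}")
    return findings

# Constructed sample message; every name and address here is made up.
SAMPLE_FROM = "IT Help Desk <helpdesk.example.edu@mail.example.net>"
SAMPLE_HTML = ('<a href="http://portal.example.org/login">www.example.edu/login</a> '
               '<a href="http://files.example.org/fix.exe">install the update</a>')
print(*check_message(SAMPLE_FROM, SAMPLE_HTML, "example.edu"), sep="\n")
```

A message with no findings is not proven safe; the check only covers the signs listed above.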
Beware of phishing phone calls
If you get a phone call claiming to be from a legitimate software company like Microsoft that offers to fix a problem with your computer that they are seeing at their headquarters, it is most likely a phishing attempt. These calls typically end with a “technician” logging into your computer to resolve the issue and maybe even install new software. Once you allow the technician to log in, your computer and your personal information are vulnerable. No legitimate software company will make unsolicited phone calls to charge you for resolving computer security or software issues.
Once a scammer has gained your trust, they often ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Treat these types of unsolicited phone calls with skepticism. Never provide any personal information such as social security number, credit card number, bank account number or any type of user name or password to these callers.
Report phishing scams
Whether you receive a phone call or see a pop-up window on your PC asking for information, if you feel uncertain whether it is from a trusted source, don’t take the risk of complying. Investigate. If you are still not sure, reach out directly to your trusted technical support experts. We at Patricia Egen Consulting can help. We much prefer helping our clients avoid these types of issues before serious damage is done.
If you receive a fake phone call, take down the caller's information and report it to your local authorities. In the United States, use the FTC Complaint Assistant form at https://www.ftccomplaintassistant.gov/#crnt&panel1-1.
For help with issues such as phishing and other related security issues, contact us at: (423) 875-2652 or
Source: Parts of this article were taken from the Microsoft.com website.