Phishing

We recently posted this video to highlight common phishing attempts as the human element remains one of the most critical focus areas for preventing a data breach.   


You see them in your inbox all the time: scammers use email or text messages in an attempt to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.

What is Phishing? 

The first step in spotting a phishing email comes with understanding what a phishing email is. A phishing email is sent to a recipient with the objective of making the recipient perform a specific task. The attacker may use techniques to make their email look genuine, and include a request to click on a link, open an attachment, or provide other sensitive information. 

They often appear genuine so the recipient is more trusting of the email and performs the specific task requested in the email. If the recipient clicks on a link to a malware-infected website, opens an attachment with a malicious payload or divulges their login credentials, an attacker can access a corporate network undetected. 

Common phishing attempts usually include one or more of the following: 

  1. Emails that Require Action

Emails threatening a consequence unless urgent action is taken are often phishing emails. Attackers often use this approach to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.

  2. Emails with Bad Grammar and Spelling

Attackers are getting more sophisticated, but you may still see some emails that display poor English skills or that make it obvious they were pasted together instead of written by an actual human.

  3. Emails with an Unfamiliar Greeting or Salutation

Emails exchanged between work colleagues usually have an informal salutation. Those that start “Dear,” that contain phrases not normally used in informal conversation or are from sources unfamiliar with the style of office interaction used in your business, should arouse suspicion.

  4. Inconsistencies in Email Addresses & Links

Another way to spot phishing is by finding inconsistencies in email addresses and links. Does the email originate from an organization you correspond with often? If so, check the sender’s address against previous emails from the same organization.

  5. Suspicious Attachments

Most work-related file sharing now takes place via collaboration tools such as SharePoint, OneDrive or Dropbox. Therefore, internal emails with attachments should always be treated suspiciously – especially if they have an unfamiliar extension or one commonly associated with malware (.zip, .exe).

  6. Emails Requesting Login Credentials

Emails originating from an unexpected sender that request login credentials, payment information or other sensitive data should always be treated with caution. Spear phishers can forge login pages to look similar to the real thing and send an email containing a link that directs the recipient to the fake page.  
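For teams that triage reported mail, several of the signs above can be checked mechanically. The following is an added example, not code from CCP Tech: it flags urgency wording, a sender domain that differs from earlier mail, link text that names a different host than the link target, .zip/.exe attachments, and credential requests. The keyword lists, the KNOWN_SENDERS mapping and the .example domains are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENT = re.compile(r"\b(urgent|immediately|account will be (suspended|closed))\b", re.I)
CREDS = re.compile(r"\b(password|login credentials|verify your account|payment information)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
RISKY_EXT = (".zip", ".exe")  # the extensions the article names
# Assumption: display name -> domain seen in earlier mail from that organization.
KNOWN_SENDERS = {"acme payroll": "acme.example"}

def phishing_indicators(raw, known_senders=KNOWN_SENDERS):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body, hits = "", []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            hits.append(f"risky attachment: {fname}")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    expected = known_senders.get(name.lower())
    if expected and domain != expected:
        hits.append(f"sender domain {domain} != {expected}")
    if URGENT.search(body) or URGENT.search(msg.get("Subject", "")):
        hits.append("urgent action demanded")
    if CREDS.search(body):
        hits.append("asks for credentials or payment data")
    for href, text in LINK.findall(body):
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        host = (urlparse(href).hostname or "").lower()
        if shown and shown.group(0).lower() != host:
            hits.append(f"link text {shown.group(0)} points to {host}")
    return hits
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: Acme Payroll <payroll@acme-payroll.example>
Subject: Urgent: confirm your details
Content-Type: text/html

<p>Dear user, verify your account immediately:
<a href="http://login.acme-payroll.example/reset">portal.acme.example</a></p>
"""

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

A message that trips none of these checks is not thereby safe; the output is a prompt for a closer look, not a verdict.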

Conditioning employees to spot and report suspicious emails should be a workforce-wide exercise. The chances are that if one of your employees is the subject of a phishing attack, others will be as well. “If you see something, say something” should be a permanent rule in the workplace, and it is essential that employees have a process for reporting emails they have identified or opened. 

Please visit our website (www.ccpteam.com) or check us out on social media if you’re interested in learning more. As always, calling our office will result in hearing a friendly voice that is happy to discuss any questions you may have. We’ll keep pushing in the direction of excellence and look forward to those continuing partnerships that drive IT Success for Business.

 

 
