Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around South Florida. Computer Services, Tech Support, IT Solutions and more!

Tip of the Week: How to Identify (and Foil) a Phishing Attack

Phishing has been gaining notoriety in cybersecurity circles, as it has been used quite successfully in a variety of business infiltrations and data breaches. Many of the more well-known cyberattacks of the last few years were enabled by phishing. In order to protect your business’ interests, you and your team need to be able to identify these social engineering attempts. We’ll go over a few ways to do so for this week’s tip.

What Is Phishing, Anyway?

Appropriately enough, phishing is when a cybercriminal pulls a bait-and-switch, posing as someone they aren’t to steal data and/or access credentials. By posing as someone else, someone seen by their target as trustworthy, these attackers lull their target into a complacent sense of security.

There are many different kinds of phishing attacks, which can be split into two main categories. The first, general phishing, makes use of an email that is written to potentially apply to as many people as possible, as a means of maximizing the number of potential victims. The second is known as spear phishing, and focuses on quality over quantity. Rather than a generic message being sent to many people, spear phishing requires in-depth research and insights into a specific target. This has commonly proved effective, especially since these messages typically appear to come from an authority figure.

Phishing attacks can be used to steal credentials, infect a workstation or network with malware, or fool a business user into making false orders on behalf of the business. Naturally, none of this bodes well for the targeted business.

What You Can Do to Recognize a Phishing Attempt

There are many tricks that cybercriminals use to disguise their phishing efforts, which can actually help you to identify them… as long as you know what you’re looking for.

  • The message’s content itself can provide a few clues. Generally speaking, any requests for a user to update or verify their credentials that are accompanied by (a little too) convenient links are most likely trying to get you to click through to a spoofed website where your credentials can be stolen. Are there any spelling and grammar mistakes?

  • The language contained in the email can also be indicative of an issue. Is the email sent to “Customer”, or is it sent to you? This lack of personalization is a sign that this email is likely a generic phishing attempt, as there is no reason for a legitimate business correspondence not to include details like your name.

  • Is it threatening? If the supposed sender is trying to cultivate a sense of fear and urgency, or has even included the threat of serious consequences, ask yourself if that seems like the best way for a legitimate business to communicate with a client, customer, coworker, or contact. On the other side of the coin, is the content of the message too good to be true, like claims that you won the grand prize in a contest that you never entered? This is a strong indicator of a phishing scam.

  • Are certain details within the email just a little bit… off? Are logos and branded banners in the message not quite the right color? Is the account that sent the message a business account, or a Gmail account that any J. Random Hacker could throw together? These are warning signs that something is rotten in the state of Denmark.

  • You also need to closely examine any (a little too) convenient links, as referenced above. It is incredibly easy to make a hyperlink appear to say one thing while directing a user to another website entirely. Without clicking, hover your cursor over the link to check the URL. Does it include an unexpected subdomain (a word where ‘www’ usually is), or is it misspelled?

    Are there any additional periods or dashes in the URL before the first forward slash? For instance, “www.example.com/seewhatimean” and “www.example.com.sample/seewhatimean” may look very similar at first glance, but only one will take a user to a legitimate domain.
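The link checks described above can be automated when reviewing a reported email. The following is an added example, not code from the original post: it assumes a hypothetical `TRUSTED` set of domains you actually deal with, runs on a constructed sample message body, and uses simple heuristics of its own (a substring test and a similarity ratio) for the "extra periods or dashes" and "misspelled" cases.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser

TRUSTED = {"example.com"}  # assumption: domains you really do business with
SAMPLE = """<a href="http://www.example.com.sample/seewhatimean">www.example.com/seewhatimean</a>
<a href="https://www.example.com/seewhatimean">www.example.com/seewhatimean</a>
<a href="https://www.examp1e.com/login">Update your password</a>"""  # constructed

def host_of(value):  # text before the first "/", minus scheme, userinfo and port
    rest = re.sub(r"^([a-z][a-z0-9+.-]*:)?//", "", value.strip().lower())
    host = re.split(r"[/\\?#]", rest, maxsplit=1)[0]
    return host.split("@")[-1].split(":")[0].rstrip(".")

def check_host(host):
    """Return warnings for a host that only resembles a trusted domain."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return []
    flags = []
    for d in sorted(TRUSTED):
        tail = ".".join(host.split(".")[-(d.count(".") + 1):])
        if d + "." in host or d.replace(".", "-") in host:
            flags.append("embeds " + d)  # extra periods or dashes
        elif SequenceMatcher(None, tail, d).ratio() >= 0.85:
            flags.append("lookalike of " + d)  # misspelled domain
    return flags

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data  # reset at each <a>, so </a> sees only the link text
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            target, shown = host_of(self.href), host_of(self.text)
            flags = check_host(target)
            if "." in shown and " " not in shown and shown != target:
                flags.append("text shows " + shown)  # label and destination differ
            if flags:
                self.findings.append((target, flags))
            self.href = None

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

Calling `audit_links(SAMPLE)` reports the first and third links and stays silent on the genuine one; any flag is a reason to look closer before clicking, not a verdict.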

Phishing is a frustrating issue to deal with, but it’s an even more frustrating thing if it is successful. Reach out to the professionals at Direct Technology Group to learn more best practices to avoid phishing attempts - call 954-739-4700 today!
