Learn to Spot the Telltale Signs of a Phishing Attack
The phish are biting. Learning to identify the common lures can help keep your organization from becoming the catch of the day.
Phishing is a type of online scam in which attackers use spoofed emails or text messages to trick people into revealing sensitive information or installing malicious software such as ransomware. Such attacks are becoming more frequent and costly than ever, according to Proofpoint’s 2023 State of the Phish report. More than 80 percent of organizations were victimized by at least one successful phishing attack in 2022, with direct financial losses increasing by 76 percent over the previous year.
Endpoint security, web filtering, secure remote access and other security technologies can provide increased protection from phishing, but organizations must complement those tools with comprehensive employee training and education programs. The Proofpoint study finds that most employees have poor awareness of basic cyber threats — more than a third of survey respondents could not define the terms malware, phishing or ransomware.
Common Indicators of a Phishing Attack
Training programs should focus on helping employees recognize common indicators of a phishing attack:
- Suspicious sender information. Check the sender’s email address and make sure it comes from a legitimate source. Be particularly wary of emails from a public email domain — professional organizations won’t send emails from Gmail or Hotmail accounts. Teach employees how to identify the true source of an email or a hyperlink by hovering their mouse pointer over the link or the address.
- Impersonal greetings. Phishing emails often use generic salutations such as “Dear account holder” or “To our valued customer.” Legitimate companies are more likely to address you by name.
- Requests for personal information. Legitimate organizations will never ask for sensitive information such as passwords, Social Security numbers or credit card numbers by email. Be cautious of emails that ask you to update your account information or that require you to provide personal information to resolve an issue.
- Urgent or threatening language. Phishing scams are meant to make you act quickly without taking the time to fully investigate. They commonly urge recipients to take action immediately to avoid having an account suspended or terminated. Legitimate organizations don’t deliver such news via email or text.
- Questionable offers. Deals or rewards that seem too good to be true are also designed to get you to act quickly without considering the risk. For example, authorities report an uptick in recruitment scams designed to entice job seekers to provide personal information or click on dangerous links.
- Embedded hyperlinks. An unsolicited email with an embedded link is a huge red flag. Attackers use these links to direct users to malicious websites where they can be tricked into providing sensitive information or downloading malware. Be wary of links that use URL shorteners or have a suspicious or unfamiliar domain name.
- Unsolicited attachments. An unsolicited email with an attachment is another red flag. Legitimate companies are more likely to provide instructions about downloading information from their website. Be especially wary of email attachments in unusual file formats, such as .exe or .zip files.
- Poor spelling and grammar. Phishing emails often come from countries where English is not the native language. Scripts written in the phisher’s native language are run through online translation engines, resulting in spelling, grammar, logic and syntax errors. Legitimate organizations usually proofread their emails carefully before sending them.
Phishing is a type of online scam in which attackers use spoofed emails or text messages to trick people.
Keep in mind that phishing attacks are increasingly sophisticated and some will not have these indicators. An employee’s greatest skill is a heightened awareness that causes them to pause and think before being lured in.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.