What is Phishing?
Phishing scams are designed to collect personal information by luring unsuspecting employees into giving it away by convincingly impersonating well-known brands, such as Microsoft or Netflix. Their goal is to get the target user to click on a URL that leads to a fake web form that can be incredibly difficult to distinguish from the real brand’s site. Once the target clicks on the URL – they’re on the hook.
Common phishing email subject lines include:
- “Your account has been deactivated”
- “Please update your banking information”
- “Please update your password”
What is Spear Phishing?
Spear phishing can be much more dangerous because these attacks are highly targeted. Unlike mass distributed phishing schemes which cast a wide net, spear phishers personalize their emails to make you believe you know the sender.
Common spear phishing scams will fabricate a sense of urgency and take advantage of it. For example, by impersonating a:
- Senior staff member to trick employees into transferring them money or tax information.
- Friend who is in trouble on vacation and needs money wired to them immediately.
- Company you’ve made a recent purchase from, like Amazon, to fool you into installing ransomware.
Spotting Phishing Attacks
Here are 5 ways to spot phishing attacks before it’s too late:
- They’re asking you for sensitive information not usually given over email.
Legitimate companies don’t request sensitive information – like your credit card information or passwords – over email. If you’re worried the email is genuine, you should follow up with the company by searching for their website or calling them directly. Do not click anywhere in that email.
- The sender’s email address seems phishy.
Always check the sender’s email address and keep an eye out for anything that doesn’t seem right. Remember that legitimate companies have domain emails that phishers will try and mimic. It’s a red flag when the email ends with “@Mail.Amazon.Work.com” instead of “@Amazon.com”.
- The included link is pretending to be something it’s not.
Before clicking on anything, use your mouse to hover over the link (without clicking) to see if the URL matches the displayed text.
- The email is filled with spelling and grammar mistakes.
One of the telltale signs of a scam is bad spelling and grammar. Big companies have teams who review all their online communication and wouldn’t send something out with such obvious mistakes.
- The email contains an unsolicited attachment.
Legitimate companies will usually encourage you to download documents through their own website, however, will not send emails containing attachments.
Protecting your Business
Think your employees know better than to fall for a phishing scam? Think again – it’s one of the leading causes of data breaches. Don’t leave your company’s data security up to chance.
Omega Network Solutions provides reliable and cost-effective IT Security Services. Including Omega Shield which protects against deceitful cyber-attacks by:
- Providing valuable and ongoing security training to employees.
- Providing regular Security Threat Reports to measure and track the strength of your organization’s overall cybersecurity protection.
- Proactively monitoring the dark web for compromised data.
- Managing an Email Protection Service that filters emails and scans for viruses to protect your network.