Gone Phishing: Don’t Take the Bait!
Small businesses are one of the most common targets for cyber security attacks within the United States. The primary reason for this is typically due to a lack of dedicated cyber security staff. One of the most common tactics hackers use to compromise security is called phishing. Phishing is when a criminal sends out an email that appears to be from a legitimate company; the email will almost always ask you to provide personal or banking information that will then go back to said criminal for their own use. The term phishing was coined because in this way, the scammers are casting out a lure hoping end-users will take the bait. Phishing emails can expose your business to ransomware, which could compromise sensitive information or even capture usernames and passwords. Here are some tips to help you recognize a phishing email:
- The first red flag here is the lack of recipient name. If the recipient was legitimately being contacted by PayPal, his or her name and account number would already be disclosed in the email.
- The easiest way to determine whether or not you’re being phished is to look at the sender’s domain. In this particular instance, the domain does not link back to a legitimate PayPal email address, so we can be sure this is a phishing attempt.
- If an email has glaring spelling and grammatical errors such as this one, chances are it’s not a legitimate email.
- Another helpful tip to find a phishing email is to hover over the hyperlinks. Most of the time that will reveal an extensive, suspicious URL.
So, we’ve gone through the motions and have determined we’ve found a phishing email. Now what? The primary thing to remember is to never, EVER click the links or visit the websites they provide in the email. Always verify the legitimate web addresses yourself. In this example, we would recommend going to PayPal’s website and comparing the hyperlinks to the ones provided in the email.
Blue Tier Technology offers free, comprehensive technology evaluations that can help you pinpoint any security vulnerabilities within your organization. One of many features of this evaluation includes a 30-day trial of end-user phishing security awareness training. Contact us today for additional details via phone (918-215-5222 ) or email (firstname.lastname@example.org).