Phishing is one of the most commonly used attacks against users. By way of email, those with malicious intent will contact unsuspecting persons, asking them to click a link or download a file. Generally, the end goal is to infect the user’s computer with malware or get them to submit important personal or business information or credentials. Nearly every day, First Business receives a report from one of our employees who has received a very clever and convincing phishing email.
What can you do?
First: Understand that spam and junk filters do not catch all malicious email.
Second: Know what signs to look for in a phishing email. The vast majority of phishing attempts are fairly easy to recognize and avoid. Here are a few aspects of phishing emails that can help you recognize their true nature:
- Look at the from address and be sure you recognize it.
Then take a second look at the domain name (for example, firstbusiness.com). Make sure it’s spelled correctly. In the office, an internal email from your coworker would display only his or her name. If it also shows the full email address, it came from the outside.
- Look for a reply address that matches the from address.
- Check that the message is well composed with the grammar and spelling you would expect from the sender, whether it’s your client, your brother, or your credit card company.
- If there is a link in the email, does it match the destination?
By hovering your mouse over the link (without clicking on it), your email application will show its actual destination. Again, take a second look at the domain. Be sure it is a domain you would expect.
- Misspelling a domain is a very common tactic (flrstbusiness.com vs. firstbusiness.com).
At a glance, they look the same, but one will take you to First Business, and the other will take you somewhere you don’t want to go.
- Does the email ask you for personal information?
Most organizations would never ask for personal information in an email or ask you to reconfirm your password and account information.
- Trust your gut!
If something doesn’t seem right, it probably isn’t. If you are not sure and are worried there is something urgent that needs your attention, then contact that company/organization as you normally would.
Never use the email links or any information from a suspected phishing email to contact them, including the phone number!
Understand that email phishing works on unsuspecting people every day. Even emails that seem farfetched work all the time, like “Send me $100,000 so I can give you my inheritance.” But those aren’t the only emails that get sent – there are often crafty and well-constructed emails that require a close look to notice they are malicious. So take that second look and check before you click, download, or enter your information.
Please take a moment to consider this information. If you have questions, please be sure to contact your organization’s IT department for assistance.
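
For IT staff who want to automate the from address, reply address and link checks listed above, here is a Python example. It is added here and is not part of the original article; the trusted-domain list, the 0.85 similarity cutoff, the helper names and the sample message are assumptions, and it expects a single-part HTML body.

```python
import difflib, email, email.utils, re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"firstbusiness.com"}  # assumption: the domains you expect mail from

def domain_of(header):
    return email.utils.parseaddr(header or "")[1].rpartition("@")[2].lower()

def lookalike(domain):  # returns the trusted domain this one nearly matches, else None
    base = ".".join(domain.split(".")[-2:])  # assumption: two-label registrable domain
    near = difflib.get_close_matches(base, TRUSTED - {base}, n=1, cutoff=0.85)
    return near[0] if near else None

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def check_message(raw):
    msg, parser = email.message_from_string(raw), Links()
    parser.feed(msg.get_payload())
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    out = [f"Reply-To {reply} differs from From {sender}"] if reply and reply != sender else []
    hosts = [sender]
    for href, text in parser.found:
        hosts.append((urlsplit(href).hostname or "").lower())
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())  # domain in link text
        if shown and not ("." + hosts[-1]).endswith("." + shown[0]):
            out.append(f"link shows {shown[0]} but goes to {hosts[-1]}")
    return out + [f"{h} imitates {lookalike(h)}" for h in dict.fromkeys(hosts) if lookalike(h)]

# Constructed sample message for this example, not a real email.
SAMPLE = """\
From: "First Business" <support@flrstbusiness.com>
Reply-To: accounts@mailbox.example
Subject: Please confirm your account

<p>Sign in at <a href="http://flrstbusiness.com/login">firstbusiness.com/login</a></p>
"""
```

Calling `check_message(SAMPLE)` returns one finding each for the mismatched reply address, the link whose text and destination differ, and the misspelled domain.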