“Phishing” is the act of using email to deceive someone into providing personal or financial information or downloading a piece of malicious software. Simply put, phishing is an easy, cheap, and effective method of fraud.
More than 100 billion spam emails are sent each day, with email filters blocking only 10% of them. Of those, nearly half are opened. It is easy to see how phishing has become a multi-billion-dollar industry. Protect yourself, your organization and your corporate data by using these 5 easy tips for spotting phishing attacks.
Linked URLs are different from the ones shown.
Often the URL in a phishing message will appear to be valid. However, if you hover your mouse over the URL, you will see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, then the message is likely a phish. This is more difficult to see and validate on a phone or tablet.
Look for URLs that contain misleading domain names.
Criminals use this phishing technique to trick victims into believing that the message came from a company like Microsoft, eBay or the FBI. The phisher creates a child domain bearing the name of a well-known company like Amazon or Apple. The resulting domain name looks something like this: amazon.criminalphishingdomainname.com. It is the last part of the domain name that gives it away – in the example above, criminalphishingdomainname.com. Anything before this is meaningless or just misleading.
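The two checks above (displayed address versus real link target, and reading the last part of the domain name) can be run over the HTML body of a message. The following Python is an added example, not part of the original article; the function names and the sample message are constructed for illustration, and treating the last two labels as the owning domain is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname if text looks like a single URL or bare host, else None."""
    text = text.strip()
    if len(text.split()) != 1:
        return None                # empty, or ordinary words such as "Click here"
    if "://" not in text:
        text = "//" + text         # lets urlsplit read "www.example.com/x" as a host
    host = urlsplit(text).hostname
    return host.lower() if host and "." in host else None

def base_domain(host):
    # Assumption: last two labels; real tooling should use the Public Suffix List (co.uk etc.).
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)   # visible text between <a> and </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    # One row per http(s) link: (href, shown text, base domain of href, mismatch flag)
    collector = LinkCollector()
    collector.feed(html)
    rows = []
    for href, shown in collector.links:
        target, shown_host = host_of(href), host_of(shown)
        if target is None or not href.lower().startswith(("http://", "https://")):
            continue
        # Tip 1: the visible text names a host that belongs to a different domain.
        mismatch = shown_host is not None and base_domain(shown_host) != base_domain(target)
        rows.append((href, shown, base_domain(target), mismatch))
    return rows

# Constructed sample message body (illustration only)
SAMPLE = """<a href="https://amazon.criminalphishingdomainname.com/login">https://www.amazon.com/orders</a>
<a href="https://www.amazon.com/help">www.amazon.com/help</a>
<a href="https://amazon.criminalphishingdomainname.com/reset">Reset your password</a>"""
```

The third sample link shows no address in its text, so there is nothing to compare; the reported base domain is what a reader or mail gateway would check against the sender the message claims to be.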
Beware of messages that ask for personal information.
Regardless of how official or convincing the email message looks, if it is asking for confidential information you should be on high alert. Your bank doesn’t need you to send them your account number. Similarly, your credit card company should never send an email asking for your password, credit card number, or the answer to a security question.
If it seems too good to be true …
You know the old familiar saying, and it is especially true of email messages. If you receive a message from someone who is making big promises, then the message is probably a con.
Watch out for messages demanding that you take immediate action.
Another phishing technique is to trick you into clicking a link by urging you to take immediate action – the message may state that your account has been closed or put on hold, or that there’s been fraudulent activity that requires your immediate attention. It is conceivable that you will receive a legitimate message asking you to take action on your account. But to be safe, don’t click the link in the email, no matter how genuine it appears to be. Instead, log into the account in question directly by visiting the appropriate website, then check your account status.