How to Identify Phishing Emails
With the rising number of cyber criminals on the hunt for private information, cyber security has become a paramount priority of the digital age. As our world becomes increasingly computerized and dependent on internet connectivity, the room for cyber risk climbs higher and higher. According to Symantec’s 2018 Internet Security Threat Report, 54.6% of all email correspondence was recorded as spam. The report found that the average user receives 16 malicious spam emails per month. That’s nearly 200 dangerous emails to dodge over a single year. Falling into just one of these phishing traps could compromise your financials, identity, or worse. Researchers with Kaspersky Lab discovered that between 2017 and 2018, email phishing scam attempts more than doubled. This alarming trend shows no signs of stopping. Using old and new methods, today’s cyber criminal continues to be an omnipresent threat to users across the globe.
What Is Phishing?
Fraudulent phishing is a lot like open water fishing: cyber criminals cast their line of digital bait through email, and innocent users bite if the content is alluring enough. Cyber criminals are able to keep their scam afloat attempt after attempt because users are easy to lure in if everything looks legitimate. It’s this facade of legitimacy that cyber criminals rely on for successful breaches. At its core, phishing is the act of sending emails posing as a reputable source with the intent to distribute malicious links. Through these links, hackers can steal your usernames and passwords, sell your information to other parties, open credit cards and bank accounts in your name, gain access to your social security number, ruin your credit score, steal your money, and obtain cash advances.
How Do Cyber Criminals Target Users?
Though there are a number of different tactics cyber criminals use to target users, these very common phishing attack methods are ones they regularly employ.
1. Spear phishing: Spear phishing is among the more sophisticated forms of phishing because it utilizes the target’s personal information to build credibility. These slick criminals use your name, workplace, position title, phone number, and other personal credentials to trick you into believing you have a genuine connection with them. Social media platforms like Facebook and LinkedIn are spear-phishers’ primary resource for curating key details about their targets. Be careful about those innocent-looking quizzes that ask for things like your age and pets’ names. This classification of email phishing likely includes references to coworkers and relevant locations.
2. Whaling: Whaling is a subtype of spear phishing that exclusively targets senior executives within an organization. Using the same tactics as spear phishing, whaling attacks aim to harpoon senior executives’ login credentials. With those login credentials, hackers gain access to the tools needed to authorize large payments. These phishing attempts are also called business email compromise (BEC) scams. A 2017 FBI Internet Crime Report calculated over $675 million in losses due to whaling attacks. The 2018 report doubled that number, reaching $1.2 billion in losses.
4. Pharming: Pharming is a more complex form of phishing that depends on domain name system (DNS) cache poisoning to redirect users from a reputable website to a fraudulent one. Even if you’ve correctly entered the website URL, an attacker can still redirect you to the compromised site of their choosing. If you fall victim to their fraudulent site redirect and enter any personal information, the hacker has all they need to uncover your credit card number, bank account number, and passwords.
5. File-sharing phishing: The vast majority of the digital world depends on the storage and file sharing services provided by Google Drive, Dropbox, and DocuSign. Millions of people all across the globe use each of these services for personal and professional reasons. Hackers trick users into entering login credentials by creating exact copies of login web pages. These fake pages may even be hosted on the legitimate site’s domain.
6. SMS phishing: SMS phishing has been on a steady rise since the global takeover of web-connected smartphones. A text message sent by a cyber criminal will contain a malicious link that can lead to the installation of a hazardous app. Through this app, the hacker can track your keystrokes, steal your identity, and/or hold your private files for ransom.
How Does Phishing Affect My Computer?
Though it may seem like phishing only affects the status of your livelihood, it can also damage the health of your computer. In addition to swiping your personal and financial data, successful phishing attacks can infect your PC with harrowing malware. Unfortunately, these nasty programs are a common feature within a larger invasion of privacy. Ransomware, spyware, Trojans, and viruses are among the most popular types of malware that come attached to email phishing scams. Each of these damaging infections can destroy your computer’s performance and basic functionality, effectively turning it into a hub for further damage if action is not taken. You could even unknowingly be part of a larger botnet. A botnet is a web of internet-connected devices strung together by malware distributed by a cyber criminal. Botnets are used to orchestrate larger denial of service, spam, identity theft, and money laundering scams.
How Can I Identify Phishing Emails?
Figuring out how to identify phishing emails is difficult when the tides of cyber criminal activity are constantly changing. However, it is not impossible. Phishing emails all have one thing in common: they want your information. Handle all emails that request credential confirmation with extreme caution before taking any action. Use these 5 tips to protect yourself and your digital devices.
Phishing Red Flag #1. The email is designed to cause panic. Since phishing scams are completely dependent on whether a user clicks through and falls for the trap, it’s not uncommon for cyber criminals to employ scare tactics. For example, an email demanding you visit the attached link and enter your login credentials as quickly as possible to avoid account closure is likely fraudulent. Another common example of a panic-inducing email is one that claims your account has been compromised and the only way to verify it is by entering your login credentials.
Phishing Red Flag #2. There’s a suspicious attachment. Any email from an unknown sender that features an attachment is a glaring red flag that you should be quick to call out. Odds are that the attachment contains a damaging form of malware that could compromise your device. Though it’s a safe practice to simply delete any emails from unknown senders that contain dubious attachments, if you believe the email and attachment are genuine, use an antivirus software scan to double check. Better safe than sorry.
Phishing Red Flag #3. The email address looks fishy. The vast majority of modern email providers have intelligent methods of separating what they determine to be spam from ordinary mail. However, some spam can slip under the radar and end up in your regular inbox, ready for opening. One of the trickiest tactics cyber criminals use to dupe targets is using email addresses that are just a word or domain name away from a legitimate site’s true email address. At first glance, these email addresses look authentic, but upon closer examination, you’ll quickly see an added number or letter, or an obvious variation. For example, addresses like @Faceb00kmail.com or @mail.apple.corp are clear knockoffs of the true @Facebookmail.com and @apple.com.
Phishing Red Flag #4. The email asks you to confirm personal credentials. Any email asking you to confirm personal information that you would never provide otherwise is an immediate red flag. This includes bank account details and login credentials. Do not reply to these emails or click any attached links, as they are likely phishing scams. If you believe there is a chance that the email could be legitimate, search for the organization, find a direct contact number, and complete any actions over the phone if possible. Be wary of any phone numbers included in the email, as they could direct you to another fraudulent source that could be posing as a legitimate company.
Phishing Red Flag #5. There are spelling or grammatical errors. Any reputable company has a team of copywriting professionals that keep a keen eye out for any flagrant grammatical or spelling errors. In fact, one of the easiest ways to identify a phishing email is by reading through the content. Be on the lookout for strange phrasing or improper vocabulary usage, as these are telltale signs that the email sitting in your inbox is not from the source you think it is. Any email riddled with mistakes should raise an eyebrow as is, but be even more careful when you receive emails that just seem off.
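The check behind Red Flag #3 can be automated. The following is an added example, not part of the original article: it compares a sender's domain against a short list of domains you actually deal with and flags near-misses such as digit swaps, single typos, and a brand name placed under the wrong domain. The TRUSTED list, function names, and sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this mailbox really receives mail from
# (the two legitimate domains named in the article).
TRUSTED = ("apple.com", "facebookmail.com")
# Digits commonly swapped in for look-alike letters (0 for o, 1 for l, ...).
DIGIT_SWAPS = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, related_domain) for the value of a From: header."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    # Exact match, or a subdomain of a trusted domain (email.apple.com).
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    normalized = domain.translate(DIGIT_SWAPS)
    labels = normalized.split(".")
    for good in TRUSTED:
        brand = good.split(".")[0]
        if (normalized == good                          # faceb00kmail.com
                or edit_distance(normalized, good) <= 1  # one typo away
                or brand in labels):                     # mail.apple.corp
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample headers built from the addresses quoted in the article.
SAMPLES = [
    "Facebook <security@Faceb00kmail.com>",
    "Apple ID <id@mail.apple.corp>",
    "Apple <news@email.apple.com>",
    "friend@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A "trusted" verdict only means the address is spelled correctly; the From: header itself can be forged, so this check complements the other four red flags rather than replacing them.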
At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all of Texas and other states. We provide on-premises server support including Microsoft Exchange as well as cloud computing services and hosted solutions. We specialize in project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today via chat at www.dallasnetworkservices.com or call 214-696-6630.