Have you ever received an email that you weren’t sure was legitimate? I think most of us have.
The first line of defense for your organization is YOU, the user.
Users are the first to see incoming messages, and having knowledge of these kinds of attacks is the most effective way to defend your organization!
Did you know that 93.8% of malicious attacks come from email?
These attacks are so popular with hackers because, by nature, humans are reactive.
- We react in a panic to urgent matters.
- We react with urgency to requests from our leaders.
- We react with curiosity to a promise of reward.
The most useful way to prevent these attacks is with knowledge.
- Does this look legitimate?
- How do I find out?
- What do I do with it?
What is Phishing?
By definition: Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords, credit cards, or social security numbers.
What is Spoofing?
By definition: Spoofing is a situation in which a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage.
Phishing and spoofing often go together: the same attack can involve both.
How to Detect Phishing or Spoofing
- Trust your gut. (If it walks like a duck, and talks like a duck…)
- Hover your mouse over the links and email addresses, but DO NOT CLICK. Does the link go where it says it goes, and is the email coming from where it says it's coming from?
- Is the English broken, awkward, or punctuated incorrectly? This doesn’t happen as often anymore, but it is still a good indicator.
- Are they promising a reward that’s too good to be true?
- Is there a sense of urgency in the email?
- Are you, the recipient, being addressed normally?
So, What Should I Do?
- The number one rule is DO NOT CLICK anything if you do not know exactly what it is!
- NEVER REPLY to an email you may suspect to be illegitimate. This will most likely send your email directly to the bad guys!
- If it appears to be coming from a vendor or customer of yours, pick up the phone and give them a call. “Hey Norm, did you just send me an email?”
- If it’s asking you to CLICK HERE or similar to log in to your account, go to the website as you normally would instead of clicking a link.
- If it appears to be coming from an internal email source, don’t reply directly from the email. Go see them in person, pick up the phone, or send a new email and ASK. “Hey Jim, did you just send me a request to transfer $10,000?”
- Remember that satisfying your curiosity is not worth the consequences!
- Delete it. If they really want your attention badly enough, they will find another way to contact you.
Hackers have come up with many methods of trying to trick users into thinking that the phishing or spoofing email that they are sending is legitimate. Why do they do this? Because users fall for it over and over again!
Educate yourself. Educate others. Practice this at home and at work.
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine (2015), and in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business.
- We are Professionals
- We are Responsible
- We are Concerned About The Success of Your Business