NuTech Services Blog

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you get an email that looks like a legitimate message from a company or person you trust. The cybercriminal’s goal is to trick you into giving them a password or access to an account (like PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build the same habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
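
The rule of thumb above can be written as a check on the host part of a link: the host must be the domain you expect, or end with a dot followed by it. This is an added example, not code from the original article; the names link_host and belongs_to are hypothetical, and the last sample is constructed to show why the dot boundary matters.

```python
import re
from urllib.parse import urlsplit

_HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def link_host(link: str) -> str:
    """Return the lowercase host a link points at (the part before the first '/')."""
    # Links in emails are often written without "https://"; urlsplit only
    # recognises a host after "scheme://", so add one when it is missing.
    if not _HAS_SCHEME.match(link):
        link = "https://" + link
    host = urlsplit(link).hostname or ""
    return host.rstrip(".")  # "paypal.com." and "paypal.com" name the same host

def belongs_to(link: str, expected: str) -> bool:
    """True when the link's host is `expected` or a subdomain of it."""
    host = link_host(link)
    expected = expected.lower().rstrip(".")
    # Exact match, or a "." boundary right before the expected domain.
    # A plain endswith(expected) would wrongly accept "notpaypal.com".
    return host == expected or host.endswith("." + expected)

# Host-based examples from the list above, plus one constructed case.
SAMPLES = [
    "Paypal.com",
    "Paypal.com/activatecard",
    "Business.paypal.com",
    "Business.paypal.com/retail",
    "Paypal.com.activecard.net",
    "Paypal.com.activecardsecure.net/secure",
    "notpaypal.com/login",  # constructed: same ending, no dot boundary
]

def classify(samples=SAMPLES, expected="paypal.com"):
    """Return (link, host, verdict) for each sample link."""
    return [(s, link_host(s), belongs_to(s, expected)) for s in samples]

if __name__ == "__main__":
    for link, host, ok in classify():
        label = "expected" if ok else "SUSPECT "
        print(f"{label}  host={host:<34} link={link}")
```

The check looks only at the host, so it says where a link goes, not whether the page behind it is trustworthy.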

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at NuTech Services. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.
