Datalyst Blog

Datalyst has been serving the Massachusetts area since 2010, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

The Ultimate Guide for Spotting a Scam or Phishing Attack

Cybercriminals have been resorting to clever scams to steal personal information and gain access to company networks. They also use these types of social-engineered scams to distribute malware and cause other problems for organizations. We encourage you to take this blog post and share it around your office, or even print it out to help your employees and colleagues prevent dangerous threats and embarrassing mistakes from happening.

Be Skeptical About Everything, Especially the Urgent Stuff

The first step towards being safe online is to simply be skeptical. If someone or something is rushing you to do something, there’s a decent chance that the sender is attempting to brute force their way past your ability to reason.

This has been a long-time staple in marketing. Remember in the ’90s when commercials for products would encourage you to “order today to receive this one-of-a-kind platinum token!” or “if you order now, we’ll send you a second bottle of our stain remover, but only while supplies last!” These messages were designed to motivate you to act without thinking in order to get a little bit more and to feel validated for what the message is asking you to do.

Scammers and cybercriminals use the same playbook. They try to get you excited about something using urgency, and try to get you to react without thinking. Instead of getting you to buy something, they are just trying to get you to click or download something malicious.

For example, you could get an email that looks like it is from your bank, or one of your vendors, or your Facebook account, or literally anything else online. It might say something along the lines of “Uh oh, your ____ account has experienced a suspicious login, please click here to log into your account to verify your identity!”

That’s a pretty legitimate-looking message. In fact, some organizations might use something very similar IF they detected something suspicious going on with your account.

These days, you can’t really be certain if an unsolicited message is legitimate or not. The best thing to do is to NOT click the links or attachments in an email you didn’t expect, and instead log into the account using a bookmark you have in your browser, an entry in your password manager, or a Google search to get to the site you want to log into. That way, you don’t even have to look to see if the link is suspicious, and you can investigate the issue to see if it’s real or not.

Spotting a Phishing Attack

Phishing attacks are emails that are designed to look legitimate, but are actually cleverly disguised traps. As mentioned above, a lot of them use urgency to try to get you to let down your defenses and start clicking away. 

Before you click on any link in an email, take a quick look at the URL that the link is going to.

Now, when we say a link, we mean anything that you can hover your mouse over and click on. That means buttons, graphics, text, banners, icons, etc. If it’s clickable, it’s taking you to a link, and knowing the link’s destination can tell you whether it is legitimate or not.

To determine the link URL, you need to hover your mouse over the clickable part in the email, and look at the bottom of the screen, typically on the left for most email clients. It will show you an address that starts with http.

For our example, we’re going to use Amazon.com and show how to spot something suspicious. It’s all about looking for periods in the address, and noting where the periods are.

If there is a period AFTER the domain name of the website you want to go to, then it might be a trap.

Let’s take a look at another example, using PayPal:

  • paypal.com - Safe
  • paypal.com/activatecard - Safe
  • business.paypal.com - Safe
  • business.paypal.com/retail - Safe
  • paypal.com.activatecard.net - Suspicious!
  • paypal.com.activatecard.net/secure - Suspicious!
  • paypal.com/activatecard/tinyurl.com/retail - Suspicious!

Keep in mind that the URLs above may or may not be real; we’re just making them up for the sake of an example!
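The period rule above can also be written as an automated check, for instance in a mail filter or a training tool. The following is an added example, not Datalyst's code: `check_link` and `COMMON_TLDS` are hypothetical names, and the short TLD list is constructed for illustration. It reports why each link is flagged: either the real host is not the expected domain, or a second domain name sits in the path.

```python
from urllib.parse import urlsplit

# Constructed short list: a path segment ending in one of these looks like a domain.
COMMON_TLDS = (".com", ".net", ".org")

def check_link(url, expected_domain):
    """Classify a link that claims to belong to expected_domain.

    Returns (verdict, reason); verdict is "Safe" or "Suspicious".
    """
    if "://" not in url:
        url = "http://" + url  # the post's examples are written without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    # A host name is read right to left, so a genuine link's host is the
    # expected domain itself or ends with "." + expected (a subdomain).
    if host != expected and not host.endswith("." + expected):
        if (expected + ".") in host:
            return "Suspicious", "period after " + expected + "; actual host is " + host
        return "Suspicious", "host " + host + " is not " + expected

    # The host is genuine; look for a second domain name buried in the path.
    for segment in parts.path.lower().split("/"):
        if segment.endswith(COMMON_TLDS):
            return "Suspicious", "path contains another domain name: " + segment
    return "Safe", "host " + host + " belongs to " + expected

# The made-up URLs from the list above
EXAMPLES = [
    "paypal.com",
    "paypal.com/activatecard",
    "business.paypal.com",
    "business.paypal.com/retail",
    "paypal.com.activatecard.net",
    "paypal.com.activatecard.net/secure",
    "paypal.com/activatecard/tinyurl.com/retail",
]

if __name__ == "__main__":
    for url in EXAMPLES:
        verdict, reason = check_link(url, "paypal.com")
        print(f"{url:45} {verdict:11} {reason}")
```

The path check is a coarse heuristic, which is why it matches on a short TLD list and not on any period: file names such as `index.html` also contain one.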

Scams Can Be Very Personal

The most effective scams start with some research. It’s easy for cybercriminals to just build a phishing email and send it out to a million recipients, but they know they can get a more guaranteed return if they target an organization and use public information to sneak their way in.

For example, they could do a little research and find out who the CEO is and what his or her email is. Then they can spoof that email and send emails to employees requesting to authorize payment to a certain account or something along those lines.

The best defense against this is to simply call and get confirmation before you take any action on an email that has to do with giving somebody access to something or authorizing money or information transfers. 

Yes, it might be annoying, and it might seem frivolous, but building this sort of zero-trust habit pays off in the long run, and reinforcing it with everybody you work with will gradually spread this habit out and help prevent others from falling for scams.

Need Help Securing Your Business?

We’re unique compared to other IT companies, in that we strongly prioritize cybersecurity. If you suspect your business is getting fraudulent emails and phishing attacks, or you want to strengthen your security to prevent potential issues (including spam filtering, staff training, meeting compliance regulations, and more), give us a call at (774) 213-9701 to talk about how we can protect your organization from threats of all kinds.
