Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you get an email that looks like an actual legit email. The cybercriminal’s goal is to trick you into giving them a password or access to an account (like PayPal, Facebook, or your bank), or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build the same habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
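
The From-address check and the link check above are the same comparison: take the real domain (the part after the @, or the part of the link before the first slash) and accept it only if it is exactly the domain you expect or ends in a dot followed by that domain. The Python sketch below is an added example, not part of the original post; the function names are made up for illustration, and the sample senders and links are the ones used in this article.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

def matches_domain(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host, expected = host.lower().rstrip("."), expected.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def link_host(url):
    """Hostname a link really leads to (between the scheme and the first slash)."""
    # Links pasted from an email often lack "https://"; add it so the
    # parser does not mistake the whole string for a path.
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "https://" + url
    return urlsplit(url).hostname or ""

def link_is_from(url, expected):
    return matches_domain(link_host(url), expected)

def sender_is_from(from_header, expected):
    """Check the domain after the @ in a From header."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return False
    return matches_domain(address.rpartition("@")[2], expected)

# Sample values taken from the examples in this article.
LINKS = [
    "Paypal.com",
    "Paypal.com/activatecard",
    "Business.paypal.com",
    "Business.paypal.com/retail",
    "Paypal.com.activecard.net",
    "Paypal.com.activecardsecure.net/secure",
]
SENDERS = [
    ("something@facebook.com", "facebook.com"),
    ("something@faecbook.com", "facebook.com"),
    ("something@amazn.com", "amazon.com"),
    ("something@paypalsupport.com", "paypal.com"),
]

if __name__ == "__main__":
    for link in LINKS:
        verdict = "ok" if link_is_from(link, "paypal.com") else "NOT paypal.com"
        print(f"{link:45} host={link_host(link):35} {verdict}")
    for sender, expected in SENDERS:
        verdict = "ok" if sender_is_from(sender, expected) else f"NOT {expected}"
        print(f"{sender:45} {verdict}")
```

A passing result only rules out lookalike and "extra dot" domains; it does not prove the message is genuine, so the other checks in this article still apply.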

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Total Tech Care. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

 
