Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you get an email that looks like a legitimate one but isn’t. The cybercriminal’s goal is to trick you into giving them a password or access to an account (like PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, phishing emails often try to sound urgent. They make you feel like you have to take action quickly, that a bill is overdue, or that your password has been stolen. This can lower the user’s guard and push them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.
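Here is that sender check written out as a small script. It is an added example, not something from the original post: the function names, the list of trusted domains, and the "two typos or fewer" threshold are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains you actually expect mail from (names taken from the article).
TRUSTED = ("facebook.com", "amazon.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, trusted domain it matches or resembles, or None)."""
    _, addr = parseaddr(from_header)   # skips the display name, which anyone can set
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower()
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return ("expected", good)
    for good in TRUSTED:
        if edit_distance(domain, good) <= 2:    # faecbook.com, amazn.com
            return ("lookalike-typo", good)
        if good.split(".")[0] in domain:        # paypalsupport.com
            return ("brand-in-name", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From headers using the addresses from the article.
    for header in ("Facebook <something@facebook.com>",
                   "Facebook <something@faecbook.com>",
                   "something@amazn.com",
                   "PayPal Support <something@paypalsupport.com>"):
        print(header, "->", classify_sender(header))
```

An "expected" result only rules out the lookalike-domain trick; the From header itself can be forged, so it is not proof that a message is genuine.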

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded yourself might build the same habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to go to.
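The same rule of thumb, run over the example links above with a real URL parser. This is an added example, not part of the original post; `check_link`, `registered_domain`, the short `DOMAIN_ENDINGS` list, and the "last two labels" shortcut are assumptions made for illustration.

```python
from urllib.parse import urlsplit

EXPECTED = "paypal.com"
# Constructed short list, used only to spot hostname-like text inside a path.
DOMAIN_ENDINGS = (".com", ".net", ".org")

def registered_domain(host):
    # Simplification: keep the last two labels. Suffixes such as co.uk need
    # the Public Suffix List, which this sketch does not consult.
    return ".".join(host.split(".")[-2:])

def check_link(link, expected=EXPECTED):
    """Return (verdict, host, registered_domain) for a link as shown on hover."""
    if "://" not in link:
        link = "https://" + link      # the article's examples omit the scheme
    parts = urlsplit(link)
    host = (parts.hostname or "").lower().rstrip(".")
    reg = registered_domain(host)
    if host == expected or host.endswith("." + expected):
        # Host matches. Hostname-like text later in the URL is what the last
        # example in the list warns about, so surface it for a closer look.
        segments = [s.lower() for s in parts.path.split("/") if s]
        if any(s.endswith(DOMAIN_ENDINGS) for s in segments):
            return ("review-path", host, reg)
        return ("expected", host, reg)
    if host.startswith(expected + ".") or ("." + expected + ".") in host:
        # The expected name is only a subdomain label of someone else's domain.
        return ("lookalike-subdomain", host, reg)
    return ("different-site", host, reg)

if __name__ == "__main__":
    # The example links from the list above.
    for link in ("Paypal.com", "Paypal.com/activatecard", "Business.paypal.com",
                 "Business.paypal.com/retail", "Paypal.com.activecard.net",
                 "Paypal.com.activecardsecure.net/secure",
                 "Paypal.com/activatecard.tinyurl.com/retail"):
        print(f"{link:45} {check_link(link)}")
```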

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Total Tech Care. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

 
