Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Think Before You Click: Spotting a Phishing Attempt

Total Tech Care Blog Security
0 Comments
Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into order virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Total Tech Care. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

Tweet
Tags:
Spam Phishing Network Security
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 02 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Workplace Tips Backup Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications Business Continuity Smartphones Communication IT Support Smartphone Miscellaneous Mobile Device Small Business Network Browser Collaboration Productivity Quick Tips Cybersecurity Users Business Management Managed IT Services Upgrade Windows Phishing Outsourced IT Ransomware Data Backup Windows 10 Office Data Recovery Server Save Money Cloud Computing Windows 10 Passwords Social Media Saving Money Holiday Gadgets Chrome Virtualization Tech Term Managed IT Services Microsoft Office Managed Service Automation Cybercrime Operating System Artificial Intelligence Computers Facebook BYOD Mobile Device Management Health Networking IT Support Internet of Things Hacking Wi-Fi Remote Managed Service Provider Spam Alert Covid-19 Information Office 365 Telephone Systems Information Technology Recovery Employer-Employee Relationship Router Bandwidth BDR Social Engineering Mobility Applications Data Breach Application Human Resources Law Enforcement Big Data Remote Monitoring Password Money App History Mobile Computing Encryption VPN Government Remote Computing Blockchain Private Cloud Paperless Office Mobile Office How To Managed IT Apps Office Tips Data Storage Patch Management Training Website Gmail Budget Google Drive Settings Servers Two-factor Authentication Avoiding Downtime Data Security Mouse HaaS Bring Your Own Device Data Management Work/Life Balance Infrastructure Flexibility Voice over Internet Protocol Marketing Wireless WiFi Vulnerability IT solutions Windows 7 Word Entertainment Safety Data Protection USB HIPAA Sports Redundancy Firewall Keyboard Vendor Management Virtual Reality Apple Vendor Social Managed Services Staff Software as a Service Display Telephone System User Error Save Time Machine Learning Meetings Connectivity Remote Work Employee/Employer Relationship Cleaning RMM Risk Management Hacker Conferencing End of Support The Internet of Things Education Physical Security Lithium-ion battery Scam IT Management Cryptocurrency Botnet Customer Service PDF Environment Procurement IT Plan Workplace Strategy Comparison Net Neutrality IT Consultant Fax Server Proactive IT CES Help Desk Unsupported Software Printing Best Practice SaaS Humor YouTube Charger Black Market Content Management Business Technology Access Control Compliance OneNote Computer Care Managed Services Provider Current Events Network Congestion Virtual Assistant eWaste Document Management Telephony Authentication Database Solid State Drive Wireless Technology Samsung Downtime Remote Workers How to Value Processor Data storage Update Wearable Technology Automobile Spam Blocking Electronic Medical Records Hard Drives Hard Drive Retail Virus Instant Messaging Google Docs Robot Computing Infrastructure Excel Hiring/Firing Identity Theft Unified Threat Management Going Green Computer Accessories Biometrics Computing Virtual Desktop Battery Augmented Reality DDoS Shadow IT Fraud Legal Business Intelligence SharePoint Remote Worker Printer Digital Signage Bluetooth Audit Internet Exlporer Worker Analyitcs Public Computer Recycling Saving Time Procedure Regulations Wiring dark theme Printer Server Programming Practices Shopping Notifications Transportation Google Search Computer Fan Cache AI Rootkit Amazon Web Services IT Infrastructure Criminal Bing Safe Mode FinTech Antivirus GDPR Relocation Workers Hosted Computing Social Network Benefits FENG Wireless Internet Windows 8 Online Shopping Investment IBM Employee/Employer Relationships IT service Video Games File Sharing Employees Worker Commute Flash Camera Windows 365 Inventory Smart Technology Specifications ISP Experience Wire Video Conferencing Tablet Evernote ROI Supercomputer Bitcoin Travel Shortcuts Domains Scalability Software Tips Sales Business Owner Sync Printers Point of Sale Emails Personal Millennials Cryptomining IaaS Maintenance Smart Office Supply Chain Management NarrowBand Wireless Charging Bloatware Batteries Consultant Search Monitoring Virtual Private Network Windows 8.1 Analytics iPhone Netflix Digitize Two Factor Authentication Workforce Root Cause Analysis Tablets Cables Windows Server 2008 R2 Entrepreneur Knowledge Music Best Available HBO Customer relationships WIndows 7 Skype Project Management Email Best Practices Files Nanotechnology IT Assessment Telecommuting Manufacturing Shortcut Data loss Chromecast Cortana Outlook Computer Tips Cost Management Leadership Digital Signature Managed IT Service Troubleshooting Security Cameras Start Menu Warranty Virtual CIO Social Networking Colocation OneDrive Uninterrupted Power Supply Biometric Security Loyalty Google Apps Screen Mirroring HVAC Peripheral Frequently Asked Questions Digital Security Cameras Monitor Analysis Using Data Books User Running Cable Mobile Administrator PowerPoint Windows 10s Devices Copiers Windows Media Player 5G Memory Cast Enterprise Content Management Quick Tip Tip of the week MSP Ergonomics Reputation webinar Accountants Streaming Media Emergency Smartwatch Managing Stress Content Professional Services Microchip Public Cloud Thought Leadership Development Tech Support Employer Employee Relationship Credit Cards OLED Laptop Assessment Password Manager Virtual Machine Techology Password Management PCI DSS Windows Server 2008 2FA Cameras Customers Fiber Optics Multi-Factor Security Employee Audiobook Tools Search Engine Twitter Messaging Science Cabling Touchpad Television Business Mangement Hypervisor NIST Policy Dark mode Smart Tech Trend Micro Trending Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction SMS Amazon Default App

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code