Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Think Before You Click: Spotting a Phishing Attempt

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into order virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Total Tech Care. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 24 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Business Google Internet Microsoft Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications Smartphones Communication IT Support Business Continuity Miscellaneous Smartphone Mobile Device Browser Small Business Network Collaboration Productivity Quick Tips Cybersecurity Users Business Management Phishing Managed IT Services Upgrade Windows Outsourced IT Ransomware Data Backup Windows 10 Save Money Cloud Computing Office Data Recovery Server Passwords Windows 10 Gadgets Chrome Virtualization Tech Term Social Media Saving Money Holiday Microsoft Office Managed Service Automation Managed IT Services Operating System Artificial Intelligence Computers Facebook Cybercrime Hacking Wi-Fi BYOD Mobile Device Management Health Networking IT Support Internet of Things Managed Service Provider Spam Alert Covid-19 Information Office 365 Telephone Systems Information Technology Remote Social Engineering Mobility Recovery Employer-Employee Relationship Router Bandwidth BDR Remote Monitoring Big Data Password Money App History Mobile Computing Encryption Applications Application Data Breach Human Resources Law Enforcement Paperless Office Mobile Office How To Managed IT Apps Office Tips Data Storage Patch Management Training VPN Government Remote Computing Blockchain Private Cloud HaaS Bring Your Own Device Data Management Work/Life Balance Infrastructure Flexibility Voice over Internet Protocol Marketing Wireless WiFi Vulnerability IT solutions Windows 7 Entertainment Word Website Gmail Budget Google Drive Settings Servers Two-factor Authentication Avoiding Downtime Data Security Mouse Managed Services Telephone System Staff Software as a Service Display User Error Save Time Machine Learning Meetings Remote Work Connectivity Employee/Employer Relationship Cleaning RMM Risk Management Hacker Conferencing End of Support The Internet of Things Education Physical Security Lithium-ion battery Scam Safety Data Protection Sports USB HIPAA Redundancy Vendor Management Firewall Keyboard Virtual Reality Apple Vendor Social Solid State Drive Wireless Technology Samsung How to Downtime Remote Workers Value Processor Data storage Update Electronic Medical Records Wearable Technology Automobile Spam Blocking Retail Hard Drives Hard Drive Virus Instant Messaging Google Docs Excel Hiring/Firing Identity Theft Robot Computing Infrastructure Unified Threat Management Going Green Computer Accessories Biometrics Computing Virtual Desktop Battery Augmented Reality Shadow IT Fraud DDoS Legal Business Intelligence SharePoint Remote Worker Printer Digital Signage Internet Exlporer Worker Bluetooth Audit IT Management Cryptocurrency Botnet Customer Service PDF IT Plan Environment Procurement Workplace Strategy Comparison Net Neutrality Proactive IT IT Consultant Fax Server Unsupported Software CES Help Desk Printing Best Practice YouTube Charger SaaS Humor Business Technology Black Market Content Management Access Control Compliance OneNote Computer Care Managed Services Provider Network Congestion Virtual Assistant Current Events Database eWaste Document Management Telephony Authentication Root Cause Analysis Tablets Cables Windows Server 2008 R2 Best Available HBO Customer relationships Entrepreneur Knowledge Music Telecommuting Manufacturing WIndows 7 Skype Project Management Email Best Practices Files Nanotechnology IT Assessment Shortcut Data loss Chromecast Cortana Outlook Computer Tips Cost Management Leadership Digital Signature Managed IT Service Troubleshooting Security Cameras Uninterrupted Power Supply Biometric Security Start Menu Warranty Virtual CIO Social Networking Colocation OneDrive Screen Mirroring HVAC Peripheral Loyalty Google Apps Frequently Asked Questions Digital Security Cameras Monitor Analysis Using Data Books Windows Media Player 5G User Running Cable Mobile Administrator PowerPoint Windows 10s Devices Copiers Cast Enterprise Content Management Quick Tip Memory Tip of the week MSP Ergonomics Reputation webinar Accountants Streaming Media Emergency Smartwatch Tech Support Employer Employee Relationship Credit Cards OLED Managing Stress Content Professional Services Microchip Public Cloud Thought Leadership Development Techology Password Management PCI DSS Laptop Assessment Password Manager Virtual Machine Windows Server 2008 2FA Cameras Customers Fiber Optics Multi-Factor Security Employee Science Cabling Audiobook Tools Search Engine Twitter Messaging NIST Policy Touchpad Television Business Mangement Hypervisor Dark mode Smart Tech Trend Micro Trending Amazon Default App Distributed Denial of Service Politics Customer Relationship Management Advertising Addiction SMS Procedure Analyitcs Public Computer Recycling Saving Time Regulations Wiring dark theme Printer Server Programming Practices Shopping Notifications Transportation Google Search Rootkit Amazon Web Services IT Infrastructure Computer Fan Cache AI Safe Mode FinTech Criminal Bing Antivirus GDPR Relocation Workers Hosted Computing Social Network Benefits Windows 8 Online Shopping Investment FENG Wireless Internet IT service Video Games File Sharing Employees IBM Employee/Employer Relationships Worker Commute Flash Camera Windows 365 Inventory Smart Technology Specifications ISP Tablet Evernote ROI Experience Wire Video Conferencing Domains Scalability Software Tips Sales Supercomputer Bitcoin Travel Shortcuts Business Owner Sync Printers Point of Sale Emails Personal Millennials Cryptomining Maintenance Smart Office Supply Chain Management NarrowBand Wireless Charging IaaS Consultant Search Monitoring Bloatware Batteries Two Factor Authentication Workforce Virtual Private Network Windows 8.1 Analytics iPhone Netflix Digitize

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code