What is phishing?
Simply put, phishing scams are fraudulent emails or false web pages that appear to originate from legitimate enterprises (e.g., your university, your bank, your Internet service provider or a social media site you use daily). Knowing how to identify them is imperative to avoid becoming a victim, either personally or as an employee.
Avoid being a victim
Phishing scams are crude social-engineering traps that induce panic in the reader and trick them into responding or clicking immediately by claiming that they’ll lose something (e.g., a social media account, bank account or mail account). What usually happens next is that the user is tricked into giving up sensitive information or is infected with malware. The stolen data can then be used to commit identity theft, carry out fraudulent activities or infiltrate your company.
How to identify potential phishers
- Hover your mouse over any links to see where they might actually be directing you.
- Check the sender address in the email for any suspicious misspellings or domain names (firstname.lastname@example.org, email@example.com).
- Has the sender previously instructed you to reveal this information?
- Is this information typically sent over email? A bank will never ask for your personal ID or detail any financial information in an email.
- If you are unsure of the sender, go directly to the website through a different browser or call them directly and check.
- Don’t know the sender? Never click any links or divulge information before being absolutely sure.
- Visiting a web page without SSL is not recommended (there should be a lock at the far left of the address field). Web pages without it are by definition not safe, and anybody can “listen in” on any information you provide.
- Double check the address name the same way you do for emails. Any suspicious domains or names? (Apple.pw, aple.tw etc.)
- Being redirected while following a link? Be suspicious, as it might lead you to phishing sites or malware-infected landing pages.
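The link checks in the list above (where a link really points, whether it uses SSL, and whether the domain is a lookalike such as Apple.pw or aple.tw) can also be run automatically over an email's HTML. This is an added example, not part of the original page; the TRUSTED allow-list, the function names, the 0.8 similarity threshold and the sample email are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"apple.com"}  # assumption: domains you actually expect mail from

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Accepts "https://host/path" as well as a bare "host/path".
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def check_link(href, text):
    host, findings = host_of(href), []
    if urlsplit(href).scheme != "https":
        findings.append("no-tls")         # no lock in the address field
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown != host:
        findings.append("text-mismatch")  # what "hovering" would reveal
    if not any(host == d or host.endswith("." + d) for d in TRUSTED):
        # Simplification: treats the second-to-last label as the name,
        # which is wrong for suffixes such as co.uk.
        name = host.split(".")[-2:][0]
        if any(SequenceMatcher(None, name, d.split(".")[0]).ratio() >= 0.8
               for d in TRUSTED):
            findings.append("lookalike")  # e.g. apple.pw, aple.tw
    return findings

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample email body, not a real message.
SAMPLE = ('<p><a href="http://aple.tw/login">https://apple.com/account</a> '
          '<a href="https://apple.pw/">Click here</a> '
          '<a href="https://support.apple.com/">support.apple.com</a></p>')
```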
What if you think you are a victim?
- Report it to the appropriate people within the organization, typically your IT department or security officer.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- If you haven’t already, make sure proper, up-to-date anti-spam solutions are in place to safeguard you.