Cleaning Phish
Earlier this week we talked about what to do if you get a phishing attempt, but we still need to know how to recognize phishing attacks and what we can do to help prevent them. Recognizing phishing attempts can be easy or hard, but here are a few tips to help out.
- Don’t trust the display name. The name that shows up in your email’s From field is not guaranteed to be the person that the email is coming from.
- Look for spelling mistakes or unusual grammar, especially in an email which purports to be from someone in a professional organization.
- If the email urges immediate action or threatens some consequence in the subject line, it’s probably a phish.
- If the body of the email has alarming content or an urgent deadline, it’s likely to be a phish.
- Anytime someone asks for personal info, including birthdays, account numbers, addresses, family details, or other information that should be private, think twice before supplying it. Attackers can take what seem to be two unrelated pieces of information and put them together to help them compromise your accounts.
- Phishing emails often come from subtly changed email addresses. For instance, something supposedly from Microsoft might be from microsoft@micorsoft.com. The last part of the email address, the domain after the @ sign, is what to look at.
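
For the IT folks reading along, the first and last tips can also be checked automatically. The sketch below is an added example, not part of the original post or any tool we run: the `TRUSTED` list, the sample headers, and the function names are assumptions made up for illustration. It flags a From header whose domain is a near-miss of a trusted one (including swapped letters, as in micorsoft.com) or whose display name claims a brand the domain does not belong to.

```python
from email.utils import parseaddr

# Assumption: domains this organization expects mail from, with their brand names.
TRUSTED = {"microsoft.com": "Microsoft", "paypal.com": "PayPal"}

# Constructed sample From headers (the second uses the address from the tip above).
SAMPLES = [
    "Bob <bob@microsoft.com>",
    "Microsoft Support <microsoft@micorsoft.com>",
    '"PayPal Billing" <billing@example.net>',
]

def osa_distance(a, b):
    """Edit distance that also counts swapping two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def check_from(header):
    """Return a list of warnings for one From header value."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parsable address"]
    domain = addr.rpartition("@")[2].lower()
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return []  # exact trusted domain or one of its subdomains
    warnings = []
    for good, brand in TRUSTED.items():
        if osa_distance(domain, good) <= 2:
            warnings.append(f"lookalike domain: {domain} resembles {good}")
        if brand.lower() in display.lower():
            warnings.append(f"display name claims {brand} but domain is {domain}")
    return warnings

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h) or "ok")
```

A clean result only means the sender's domain is not an obvious fake; the From address itself can still be forged, so the other tips still apply.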
Can you really prevent phishing? Not entirely, but there are some things that you can do to help reduce the frequency of phishing.
- Protect your system with antivirus and a firewall. While this won’t always protect you from malware, it greatly reduces the chances of phishing having negative effects on you if you do fall for a scam.
- Review your account details periodically. Go into the details of your accounts at work, your accounts at the bank, even the accounts for the games you play. Check to make sure that the information is correct and that nothing has been changed. If your account has been changed, find out why. This will not only help you, but it will stop attackers from using your accounts as a “foot in the door” to attack others.
- Never go to websites by clicking links in emails. Links in emails can go almost anywhere. Some might run a script to attack your system. Some might gather your contact information. It really depends on what the hacker is after. Be safe and go directly to the organization’s website and do whatever you need to do there instead of clicking the link in the email they supposedly sent you.
- Report phishing. Click the junk or spam button if you come across a phishing email. Report the email to your IT department. Both actions will help them block the spammers in the future and will help reduce the number of phishing attempts you get.
Hopefully this will be helpful to you. If you have any questions or want to talk more about information security issues, please feel free to contact us. We’re only a Help Desk call away.
Posted By: Bob Landon - IT Services