The primary method used by cyber criminals to gain access to your computer is through email phishing attacks. This tactic involves hackers creating compromising malware and sending a catchy email hoping to ensnare an
unsuspecting victim to click on the attachment or links within the message. Once the victim clicks on the attachment or link, cyber criminals look to extort victims for money, steal personal information, gain access to other business computers
and countless other cyber heists.
It’s likely you are already using a firewall, spam filters and virus protection software to keep yourself protected. However, this is not enough anymore. What cyber criminals are relying on is social engineering
techniques to dupe people into clicking on the attachments and links in cleverly crafted emails. Once this is accomplished, they gain access to your compromised computer. The most important thing for you is to recognize these phishing
emails tactics and not get tricked by one of these malicious emails.
How do you spot a phishing email?
A cleverly crafted phishing email has you act, without hesitation, on the message within the document. The cyber criminals create content in unsolicited emails that prey on your emotions, fears and create a sense
of urgency for you to act quickly.
1. Attachments and links
Most phishing emails have an attachment of some type that includes what seems to be an ordinary PDF, ZIP, DOC and other file types. What these attachments are is a payload of malware that infects your
computer. Another means of deception is providing a link in the email directing you to another site you think will be useful, which once clicked on, takes you to a server that installs malicious code. So, for example, be wary of that
credit union that sends you an unsolicited email that contains a PDF that you must fill out for credit verification.
2. Email sender is spoofed
Hackers will try and provide an email that looks like it is coming from a trusted source. So, the email will look like it is from your bank, PayPal, Amazon, Fedex, your credit union and any number of other trusted
entities. Because phishing is a general blast to indiscriminate users, often, these emails come from a business you don’t even use. An example may be receiving an email with an attached voicemail message from Verizon, but you have
AT&T as your cell phone provider.
3. A message with a sense of urgency
All the emails create some reason for you to click on the attachment or the embedded links. So, everything from the subject line to the message in the email directs you to you do something quickly. They will
include catchy subject lines and encourage fast acting activities directing you to the attachment or link in the email. Sometimes, these emails may come at the end of the day, when your guard is down. They will also create a message based on
the season or timely event. Subject lines can contain things like: Your account is suspended, Login Notification, Incoming Wire Notice and Access to your has been restricted.
4. Flawed email construction
Often, the emails are poorly written, contain bad grammar, scraped from a real email and just flawed with bad information. The emails are often hastily written with several errors that can include incorrect dates,
awkward salutations, and incomplete sender contact information. Another flag is the use of an uncommon or Courier font in the email.
5. Bad header information
Look at the address of who is getting the message. Is it actually to a known email you have, someone you know or just a blanket blast of people? Often, the email is sent to “Recipient” or not even to you.
If you get an email you are uncertain about, contact the business from a known trusted phone number or open a browser to type in the url access to the account. Do not use any of the information provided to you in the email to initiate contact.
These are just a few of the obvious flaws that show up in phishing emails. Cyber criminals use countless different phishing methods and are very adaptive in their approach in attempting to hack into your
computer. Since these are not the only methods, you must stay on your guard and recognize the general tactics used to help keep you protected from unwanted phishing attacks.
To learn more, watch our latest webinar on Keeping Your Business Secure on our site
here. If you are looking for ways to keep your business better protected with our secure cloud workspace, contact us today at (301) 854-0010.