In a recent post, we touched briefly on spear-phishing: a low-volume, highly targeted approach to spam in which hackers compromise a legitimate domain or server, allowing them to send phishing emails from a seemingly reputable address to their researched target. As these targeted phishing attacks become even more refined and information breaches continue to grow, it is important that users and businesses of all sizes know what to look out for in order to protect proprietary information. Below are 5 situations that should invoke a little extra skepticism and assist you in identifying phishing emails.
- Note whether personal information in the message could have been obtained on social networking sites. Relationships, location, age, school, job and interests are just a few personal facts that are often seized from social media sites like Twitter or Facebook. Once you have shared private information about yourself, it should be regarded as belonging to the public domain.
- Proceed with caution if the email contains a URL. Hackers often try to trick users into downloading malware or direct them to a webpage loaded with a browser exploit. A browser exploit takes advantage of the operating system or a piece of software to breach browser security and alter a user’s browser settings without the user knowing. Unless it is from a reputable sender, you should almost never click a URL link in an email. Phishers will often try to capitalize on recent news events or disguise their message under topics like corporate earnings results. Consider anything of this nature a red flag.
- Emails in spear-phishing attacks frequently assume the identity of someone you know to lure you in. Pay attention to the tone of the message. These hackers have established streamlined approaches for gathering personal information but a human personality is not as easily imitated. Always verify the email address matches the claimed sender. If the message claims to be from a credible business, confirm the email address is equally credible.
- An email message requiring urgent action is likely a scam. A phisher strives to convince users to respond immediately before they realize they are being tricked.
- ALWAYS be wary when a message asks you to supply personal information. Most online services make it very clear that they will never ask for personal information, and especially not by email.
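Several of these signs (a sender address that does not match the claimed identity, an embedded URL, urgent wording, a request for personal information) can be checked mechanically as a first-pass triage. The following Python is an added example, not code from Sendio; the `KNOWN_SENDERS` table, the keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you deal with, mapped to the domains they really send from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
URGENT = re.compile(r"\b(urgent|immediately|right away|act now|within 24 hours)\b", re.I)
PERSONAL = re.compile(r"\b(password|social security|account number|date of birth)\b", re.I)

def body_text(msg):
    """Concatenate the text parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in parts if p.get_content_maintype() == "text")

def red_flags(raw):
    """Return the warning signs from the list above that apply to a raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Display name claims a known brand, but the address is not on its domains.
    for brand, domains in KNOWN_SENDERS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not on_brand:
            flags.append("sender-mismatch")
    body = body_text(msg)
    if URL.search(body):
        flags.append("contains-url")
    if URGENT.search(body):
        flags.append("urgent-action")
    if PERSONAL.search(body):
        flags.append("asks-personal-info")
    return flags

# Constructed sample messages (reserved .example domains), not real traffic.
SUSPICIOUS = ('From: "Example Bank Support" <alerts@examp1e-bank.example>\n'
              "Subject: Account notice\n\n"
              "Your account will be suspended. Act immediately: confirm your\n"
              "password at http://examp1e-bank.example/login\n")
ROUTINE = ('From: "Example Bank Support" <alerts@examplebank.example>\n'
           "Subject: Statement ready\n\n"
           "Your monthly statement is available in the app.\n")

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(label, red_flags(raw))
```

A message that raises no flags is not thereby safe; the tone and personal-detail checks in the list still need a human reader.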
Just to reiterate: after a user clicks on an embedded URL, malicious code hidden inside scours document files, steals passwords and identifies network vulnerabilities, resulting in a loss of confidential data. In confidential and information-reliant industries like legal, healthcare, gaming, and government, it is critical that every preventative step is taken to protect your data. Phishing is irrelevant with Sendio. By positively constructing a network of trusted customers, suppliers, partners, friends and associates, Sendio completely eliminates the threat. Visit the links above for a better understanding of how Sendio can assist your specific industry in data protection and phishing security.