Phishing is not a fun day on the water! Phishing emails lure you (the victim) into clicking on a malicious URL or email attachment so that you hand over your personal data.
What is Phishing?
Phishing is very similar to spending a day on an ocean or lake, but instead of trying to reel in a fish, phishers are trying to reel in your valuable personal information. These people send out emails that appear to be from legitimate websites like Amazon, eBay or other institutions. The email will have language saying that your information is out of date and needs to be updated, and it will include a link where you are asked to provide your username and password. Once you click the link, it will ask for various items such as your full name, address, phone number, social security number or credit card number. The email appears real due to your occasional shopping spree on Amazon, so you probably don’t think twice about updating your personal information. Once you visit the false website and enter your username and password, or other personal information, the phisher has access to your account.
How do I recognize a Phishing email?
Well, it’s a good question. Phishers do everything they can to make you feel that you are getting an email from a trusted site. The first thing to look at is the address the email was sent from. Even though the false emails may look legitimate, the address where the email came from can be identified. For example, if you are being directed to Amazon, then the last part of the domain should end in amazon.com. Meaning, if you see that you are being directed to http://cmm25.amazon.com you are going to a valid site, but http://amazon.userlogin1234.com is a fake address. In addition, if a URL contains an IP address instead of a domain name, such as 22.214.171.1247, you can probably bet that this is a link you do not want to click.
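The domain check described above can be automated in a mail filter or a training tool. The following Python sketch is an added example, not part of the original article; the function name check_link and the sample URLs other than the two Amazon ones above are constructed for illustration, and it also covers one case the article does not mention (a brand name placed before an "@" in the link).

```python
import ipaddress
from urllib.parse import urlsplit


def check_link(url, trusted_domain):
    """Classify a link against the domain the email claims to come from.

    Returns "trusted", "ip-address", "lookalike" or "other".
    Assumes url carries a scheme (http:// or https://) and that
    trusted_domain is a full site domain such as "amazon.com".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    trusted = trusted_domain.lower()

    # Red flag from the article: a raw IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        return "ip-address"
    except ValueError:
        pass

    # Only the END of the hostname counts. The leading dot matters:
    # without it "notamazon.com" would pass as "amazon.com".
    if host == trusted or host.endswith("." + trusted):
        return "trusted"

    # Brand name somewhere else in the host, or in front of an "@"
    # (http://amazon.com@other.site/), is a lookalike.
    brand = trusted.split(".")[0]
    if brand in parts.netloc.lower():
        return "lookalike"
    return "other"


if __name__ == "__main__":
    samples = [
        "http://cmm25.amazon.com",              # from the article: valid
        "http://amazon.userlogin1234.com",      # from the article: fake
        "http://192.0.2.10/signin",             # constructed sample
        "http://notamazon.com/login",           # constructed sample
        "http://amazon.com@evil.example/login", # constructed sample
    ]
    for link in samples:
        print(f"{check_link(link, 'amazon.com'):<11} {link}")
```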
What does it look like?
Here’s an example of what an average phishing email looks like:
Do you really think your bank will not allow you to access your account for a month simply because you missed an email?
Ok, what are my first steps to avoid being Phished?
The first thing to do is to be extremely aware of what emails you click on. Obviously, if the graphics are off, your name is wrong, or there are noticeable misspellings in the email, then delete it immediately. Second, if you do receive an email from an institution like Amazon saying that you need to update your personal information, go directly to Amazon.com. This way you can log in directly, and if you are notified upon login that something needs to be done to the account, you can trust their request. Finally, continued education for all employees is extremely valuable. Phishing emails are constantly improving, and your staff needs to be aware of what to look for. There are software products and third-party solution providers that can filter out malicious emails, but making your employees aware of what to look out for is the first step.
If you would like more information on how to begin the process of implementing a Phishing Email Security Policy please contact Chris Mackin at ACS firstname.lastname@example.org or call us at 508-236-6334 to speak to our team about options.