Tip of the Week: Five Tricks to Identifying a Phishing Attempt

Despite its whimsical name, phishing is a very serious threat to everyone, especially today’s businesses. This means that you need to be prepared to identify its warning signs and avoid risky situations. Here, we’re offering a few tips to help you do so - make sure you share them with your employees as well!

Habits to Help You Foil Phishing Attacks

Fortunately, once you and your staff have developed the following habits, the likelihood of a phishing attack fooling one of you diminishes greatly… but not entirely. Attackers are always coming up with clever and new ways to pull the wool over their targets’ eyes, and there’s always the chance that you or one of your team members could miss one of the warning signs.

This is precisely why it is so important to turn the following activities into learned, automatic behaviors.

Check Links Before You Click Them

Links are a wonderfully convenient thing, when you think about it - all you have to do to go to the website you want to visit is click on the right link. However, cybercriminals will put wrong links into their messages (often disguising them) in an attempt to take advantage of this tendency. You need to get into the habit of taking a moment before clicking through any link you see and simply hovering your cursor over it.

This will display the URL the link directs you to, giving you the chance to confirm that the link is legitimate before clicking through.

Know How to Spot Fraudulent Links 

Speaking of whether or not a link is legitimate, there are a few warning signs that hackers are counting on you to miss.

Let’s assume that you receive an email that appears to come from Amazon, offering some really impressive deals on some furnishings that your business could use, or some basic office supplies that always seem to be running low. The important thing is, it is something that definitely interests you… but is it actually coming from Amazon? As we said above, the URL can help you determine whether or not the message is legitimate.

Where in the URL does the last “dot” (as in, “dot-com”) appear? In a legitimate URL, the last dot would be the last one in the domain. 

• [amazon.com/deals/offers] - As the last dot is the one in “dot-com,” this link should be safe to click through.
• [amazon.com.deals/offers] - This URL should not be clicked on, as there is an additional dot after the domain.

Check the Sender

Who does the email actually come from? Sure, it might look like any other email from Amazon, or eBay, or PayPal, or whatever the case may be, but a skilled fraudster could have replicated their design with little trouble. What would be more difficult for them to do would be to hide the email address that displays in the header. Pay close attention, as these attackers have had to become really clever with how they disguise their trickery.

Sometimes they’ll omit letters, so the URL still looks close enough to the real one to pass the “quick glance” task. Quickly skim through this list:

• amazon.com
• google.com
• ebay.com
• payal.com
• reddit.com
• visa.com

Did you catch the fake? If you didn’t, look again more carefully. Since our brains are expecting certain letters to be there, we can subconsciously insert them into what we’re reading. 

Similarly, we can still read words that are scrambled up, so long as all the right letters are still there and the first and last ones are in place. In fact, that list could just have easily included the URL for “papyal.com,” or some variation of another URL. Carefully checking each time you open your email will take perhaps a half-second longer, but could prevent a much more time-consuming issue.

Taking the few moments to go through these steps won’t interrupt your day unduly, but will help keep your business safe. For more assistance with your security and assorted other IT tips, keep checking back in with this blog, and reach out to CoreTech at (270) 282-4926.