
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you get an email that looks like a legitimate one. The cybercriminal’s goal is to trick you into giving them a password or access to an account (like PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb: don’t trust dots after the domain that you expect the link to go to.
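The From-address check and the link check described above come down to the same test: does the host equal the domain you expect, or end in a dot plus that domain? The Python below is an added example, not code from Total Tech Care; the function names, the four labels and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

def link_host(url):
    """Host a link really points to; everything after the first '/' is path."""
    if "://" not in url:
        url = "https://" + url  # the article's examples omit the scheme
    return (urlsplit(url).hostname or "").rstrip(".")

def sender_domain(from_header):
    """Domain part of the address in a From header."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def belongs_to(host, expected):
    """True only for the expected domain itself or a subdomain of it."""
    return host == expected or host.endswith("." + expected)

def edit_distance(a, b):
    """Plain Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, expected):
    """Return one of four labels (names chosen for this example)."""
    if belongs_to(host, expected):
        return "match"
    if expected.split(".")[0] in host:  # brand name inside someone else's domain
        return "brand-in-foreign-domain"
    if edit_distance(host, expected) <= 2:  # threshold is an assumption
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed samples, taken from the examples in the article
    for link in ["Paypal.com/activatecard", "Business.paypal.com/retail",
                 "Paypal.com.activecard.net", "Paypal.com.activecardsecure.net/secure"]:
        print(f"{link:42} {classify(link_host(link), 'paypal.com')}")
    for sender, brand in [("something@faecbook.com", "facebook.com"),
                          ("something@amazn.com", "amazon.com"),
                          ("something@paypalsupport.com", "paypal.com")]:
        print(f"{sender:42} {classify(sender_domain(sender), brand)}")
```

The leading dot in `belongs_to` matters: without it, a host such as notpaypal.com would pass as a PayPal subdomain.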

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Total Tech Care. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

 
