
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Think Before You Click: Spotting a Phishing Attempt


We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you receive an email that is made to look like a legitimate one. The cybercriminal’s goal is to trick you into giving them a password or access to an account (such as PayPal, Facebook, or your bank), or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, phishing emails often try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower your guard and force you into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
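The From-address check and the "dots after the domain" rule above can both be automated, for example in a mail filter or a training tool. The following Python is an added example, not code from Total Tech Care; the TRUSTED list, the function names and the 0.8 similarity threshold are assumptions, and it inspects only the hostname (the part before the first slash).

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the domains your organisation really expects mail and links from.
TRUSTED = ("paypal.com", "facebook.com", "amazon.com")

def host_of(value):
    """Hostname of a link, or the domain part of a From address, lowercased."""
    value = value.strip()
    if "@" in value and "/" not in value:          # bare email address
        return value.rsplit("@", 1)[1].lower().rstrip(".")
    if "://" not in value:                         # link written without a scheme
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower().rstrip(".")

def verdict(value):
    """Classify a link or sender address against the TRUSTED list."""
    host = host_of(value)
    # The expected domain itself, or a genuine subdomain in front of it.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "expected"
    labels = host.split(".")[:-1]                  # ignore the final label (.com, .net)
    for t in TRUSTED:
        brand = t.split(".")[0]
        # Dots AFTER the expected domain: paypal.com.activecard.net
        if host.startswith(t + ".") or "." + t + "." in host:
            return "trusted name used as a subdomain of another domain"
        # Brand glued into a different name: paypalsupport.com
        if any(brand in label for label in labels):
            return "brand name embedded in a different domain"
        # Near-miss spelling: faecbook.com, amazn.com
        if any(SequenceMatcher(None, brand, label).ratio() >= 0.8 for label in labels):
            return "look-alike spelling of " + t
    return "not on the expected list"

if __name__ == "__main__":
    # Constructed sample input, taken from the examples in the article.
    samples = ["Paypal.com/activatecard", "Business.paypal.com/retail",
               "Paypal.com.activecard.net", "Paypal.com.activecardsecure.net/secure",
               "something@faecbook.com", "something@amazn.com",
               "something@paypalsupport.com"]
    for s in samples:
        print(f"{s:45} {verdict(s)}")
```

A verdict other than "expected" does not prove an email is malicious; it marks the message for the closer look described above.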

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Total Tech Care. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

 
