How Phishing Could Happen to Anyone

by Modis on October 26, 2017

Working in the tech industry can give you a false sense of security about your security. Phishing emails are a regular occurrence in our line of work, and most are so obvious they don’t warrant a second thought.

But phishing emails have grown more sophisticated as internet users have become more aware, and it only takes a momentary lapse in attention for even the most tech-savvy person to fall victim.

These are some of the most common – and most effective – phishing techniques being used today.

Spear-Phishing

Spear-phishing takes advantage of the plethora of professional information available online, then uses that information to craft personalized emails designed to mimic business correspondence.

Through sites like LinkedIn, phishers can pull information, such as your name and company. They then target you with personalized emails that look like they come from a vendor, your colleagues, or even your company’s CEO. These emails might ask you to reply with certain information, or drive you to a malicious site.

File Sharing

File sharing sites like Dropbox and Google Drive have become popular platforms for phishing attempts, especially when targeted at employees who work with multiple external partners.

File sharing phishing takes two approaches: a fake notification that drives you to a malicious site, or a real download link with a malicious file. The former usually takes you to a legitimate-looking login page that captures your account credentials, while the latter infects your computer with malware, like viruses or keyloggers.

Account or Credit Card Suspensions

Phishers take advantage of emotion to make you act before you think, and they try to stoke urgency by posing as banks or credit card companies.

Through email or text, phishers notify you that your account has been locked or suspended due to fraudulent activity, hoping you’ll react by clicking a link or responding with account information before you pause to question the authenticity of the claim.

E-Commerce Notifications

The holiday season is approaching, and it’s a prime opportunity for phishers to target consumers with emails posing as e-commerce sites like Amazon and eBay.

Phishers have a variety of e-commerce angles: a fake refund, updated Terms of Service, or a missed package notification are common tactics – but all are designed to mirror the look of the site that they’re posing as. Color, layout, even the font is a picture-perfect copy of a legitimate email from the retailer.

How to Protect Yourself

Despite the growing variety of phishing tactics, there are a few basic steps you can take to ensure that your information remains safe.

  • Ask yourself if it looks legitimate. That might sound obvious, but most phishing attempts can be spotted by taking a moment to ask that question. Does this sound like an email my CEO would send me? Does it make sense that I’m receiving a refund from Amazon for something I never bought?
  • Check the sender. Oftentimes, the sender’s email address will have inconsistencies that give the scam away. This could be a subtle misspelling they hope you miss, or an extended domain not used by the company they’re posing as.
  • Check the URL. Hyperlinks and clickable buttons are used to mask malicious URLs, and you should never click on a link without hovering your mouse over it first. Doing so will reveal the full address that you’re about to visit.
  • Google it. If an email looks suspicious, a quick internet search will often reveal stories of other people targeted by the same phishing attempt.
  • Notify IT if you think you’ve been phished. It can be embarrassing, but waiting and hoping nothing happens will be much more harmful. Notifying IT right away will allow them to take necessary steps to keep you and your company safe.
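
The "check the sender" and "check the URL" steps above can also be automated by a mail filter. The following is an added example, not part of the original article: it compares the sender's domain against the domain you expect, and flags links whose visible text names one host while the underlying address points to another. The function names, the sample message, and the domains `shop.example` and `billing-help.test` are all assumptions made up for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample; every name and domain here is made up.
SAMPLE_FROM = '"Shop Refunds" <refunds@shop.example.billing-help.test>'
SAMPLE_HTML = ('<a href="http://login.billing-help.test/r">www.shop.example/refund</a>'
               '<a href="http://billing-help.test/o">View order</a>'
               '<a href="https://shop.example/help">Help</a>')

def host_of(text):
    """Hostname of a URL or bare domain; None for ordinary words."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    url = text if "://" in text else "//" + text  # bare domain -> host part
    return (urlsplit(url).hostname or "").lower() or None

def same_site(host, expected):
    """True when host is the expected domain or one of its subdomains."""
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(from_header, html_body, expected_domain):
    """Findings for the sender address and for every link in the body."""
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    findings = [] if same_site(sender, expected_domain) else [("sender", sender)]
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        shown, target = host_of(text), host_of(href)
        if shown and target and shown != target:
            findings.append(("masked-link", shown, target))
        elif target and not same_site(target, expected_domain):
            findings.append(("off-site-link", target))
    return findings
```

Calling `check_message(SAMPLE_FROM, SAMPLE_HTML, "shop.example")` reports the extended sender domain, the masked link, and the button that leads off-site, while the genuine help link passes. Hosts are compared exactly, so link text of `www.shop.example` over an address on `shop.example` would also be flagged for review.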
