Tolar Systems Blog
Don't be Phished In! How to Spot Malicious Emails
Fishing season may be starting soon, but there's another type of "phishing" that's always in season - and that's the kind that comes in your email, not at the lake.
Email is not only a mission critical tool for communication and collaboration, it's also one of the primary ways that criminals attempt to infiltrate client networks to steal data, hold it for ransom and damage business reputations. Over the last year, these attempts have escalated, placing our client networks at greater risk.
"Phishing" is the most common types of malicious email attacks we're seeing. And like most email-based attacks, phishing depends on user trust to work. So, our technicians took the lead on providing the following tips to help our clients prevent being "phished in."
Read on to learn more about the different types of phishing attacks, and what you can do to prevent being "phished in."
Phishing attacks take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Although Tolar maintains controls to help protect client networks and computers from cyber threats, users still play a key role in preventing these attacks from succeeding.
We’ve outlined below a few different types of phishing attacks to watch out for, along with some ways to protect yourself and your business.
4 Types of Phishing
- Phishing. In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
- Spear Phishing. Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to IT by Design in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
- Whaling. Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to ours, they look like normal emails from a high-level official of the company, typically the CEO or CFO, and ask you for sensitive information (including usernames and passwords).
- Shared Document Phishing. You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
How To Protect Yourself
To avoid these phishing schemes, please observe the following email best practices:
Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
Do not provide sensitive personal information (like usernames and passwords) over email.
Watch for email senders that use suspicious or misleading domain names.
Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
Do not try to open any shared document that you’re not expecting to receive.
Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
Thanks again for helping to keep our networks and personal information from these cyber threats.