What Is Phishing?
Phishing is a malicious computer-based attack that involves the use of counterfeit emails in order to trick recipients into disclosing sensitive data. Cybersecurity experts estimate that "at least 3.4 billion fake emails are sent each day" — that's why combating phishing is a priority among managed IT providers.
How Do Phishing Scams Work?
Cyber criminals create emails that appear to come from legitimate, trusted senders such as financial institutions, service providers and even co-workers. Phishing scams can also involve SMS (text) messages and social media posts. Often these phishing emails say that in order to maintain cybersecurity at your organization, office or practice, you need to re-enter your user ID and password to verify that you are a trusted user of a particular app or program.
These phishing messages all contain inline links that lead recipients to a website that is a near-exact replica of the real website in order to convince you that it's safe to enter your sensitive data. If you take the bait and click through to the link provided in the phishing email, cybercriminals record your digital credentials and use these to empty your bank account, access client files, or send out a spam attack to all of your contacts.
How Can You Spot a Phishing Email?
Phishing emails can be incredibly difficult to detect; however, there are some telltale signs you can look for:
Misspelled words, poor grammar and awkward phrasing are often found in low-quality phishing emails
Messages from a company you don't do business with asking you to log into their website
Emails that are too generic - many phishing emails begin with "Dear Customer"
Messages that come from a trusted contact, but are inconsistent with the type of email that contact would send you
Some phishing scams use what is referred to as a 'spray and pray' strategy — the cybercriminals send out mass emails asking recipients to reset their password for a well-known e-commerce site, such as Amazon. The senders know there are about 100 million Amazon Prime members worldwide so the odds are good that their phishing email will reach someone who will take their bait.
Ways To Protect Yourself Against Phishing
The key to protecting yourself and your organization against phishing is to develop good habits around cybersecurity.
These habits should include:
Using an up-to-date internet browser
Installing high-quality firewalls, or using a managed IT service that includes anti-phishing technologies
Changing passwords every three to six months
Blocking pop-ups on your internet browser
Double-checking the URL of a website before entering any information
Never clicking on a link within an email that you didn't solicit
Always checking a website for the 'lock' icon in the address bar — this shows that the connection to the site is encrypted (known as HTTPS), but not that the site itself is genuine, so still check the URL
Contact Our Cybersecurity Experts To Learn More
Phishing scams net cybercriminals an estimated half-billion dollars annually in the United States, so expect to see more phishing emails in your inbox. While developing good online habits can help keep you safe, using anti-phishing technology is one of the best ways to protect sensitive data at your firm, company or not-for-profit organization.
For more information on how to avoid becoming a phishing victim, contact us here at the Intrinsic Technology Group today. Our managed IT services provide you with the cybersecurity solutions you need to protect your digital assets while optimizing your daily operations.