Avoid Being Phished

[avatar user="Jamie Poindexter" size="thumbnail" align="left" link="attachment" /]byJamie Poindexter|Jun 22, 2020|Jamie's Tech CornerWhat is email phishing?Phishing is a type of cybercrime used to steal data from the recipient. You can receive a phishing scam through text, by phone and most commonly through email. The information obtained can results in access to important accounts like bank accounts, social media accounts, and email accounts. Once they receive access, they can then steal whatever information they want which can lead to financial loss, identity theft, and computer issues such as viruses.How do they receive this information? Let us use the email as an example. The hacker will often use a legitimate looking email from a reputable company like Apple, Capital One, and Amazon. It is usually websites you frequent so that it does not appear to be out of the norm. Within the email will be a link that they are asking you to click. The email may say click here to view your invoice, update your personal info, or verify a charge. Once the link is clicked, they process to obtain your information has begun.How to identify a phishing email.The first step is to forget how the email looks. the logos for instance can all be copied from legitimate websites and are very convincing. Instead, look for smaller details that one may normally overlook. Are there any misspelled words or the use of improper grammar? Did they misspell your name or a colleague’s name in the email? Does the email request a sense of urgency stating you only have a certain amount of time to handle the matter? Is the sender a legitimate send? In the picture below, you can see several ways the email appears legit, but looking a little closer we have pointed out the smaller details that prove it’s a phishing email.

Just looking at the picture one would assume it is from Norton. However, if you look closer (in the middle red circle) it says it is a Norton affiliate program. You can also see that the email address it was sent form was a non-Norton account. The second item circled shows the actual link you would be taken to if you clicked the renew now button. Notice it is not a Norton link? You will also notice that the small TM (trademark) is missing beside the logo. These are small details, but these are the details people overlook and end up clicking the link. Another quick way to determine if this is phishing, do you even use Norton as your anti-virus program? Be aware of the programs you use and do not use.What should I do if I am a victim of phishing? The first step is to prevent spreading. If you tried to login with an email and password, you would want to reset the email password right away. If you also use that same password on other websites (which is not recommended) you have work to do. The attacker could use that same email and password to login to other sites such as banking or file sharing sites and cause more havoc. Reset any website credentials that would use the same username and password you provided. You will also want to monitor any bank accounts and credit cards for suspicious activities. Next, notify coworkers because they are likely getting the same email and we want to prevent them from failing for the scam.The easiest way to minimize the damage is to NEVER use the same username and password for multiple sites. If your banking website, credit card website, or email support two factor authentication(2FA), set it up. While it may be annoying to login and then wait for a code to be sent to your phone, you will significantly cut down on the damage if compromised.