Protecting Your Company Against Phishing Attacks

In light of recent phishing attacks, we want to ensure you are aware and armed against any future phishing attempts.

Email threats are one of the most common types of phishing attacks used by cyber criminals. A few years back, much of the early spam traffic was simply annoying and amounted to junk mail. However, it wasn’t long before criminals started using email to deliver destructive viruses and malicious software. Phishing is a fraudulent attempt usually made through email, to steal personal information.

Phishing attacks via email usually appear to come from a well-known organization and attempt to fool you into releasing your personal information — such as a credit card number, social security number, account number or password. At times phishing attempts appear to come from sites, services and companies with which you do not even have an account. In recent months, phishing attacks appear to come from familiar sources used by many users like Facebook, Paypal, or Bank of America to name a few.
In order for Internet criminals to successfully “phish” your personal information, they lead you to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.

What to look for in a phishing email:

1. Out of the ordinary / attractive information. Hackers want to spark your interest. If you receive a file that you wouldn’t normally receive via email – whether a personnel file or a sales order/P.O. – check with the sender or department separately (not via email) to confirm if the attachment is legitimate.
2. Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
3. Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name in the greeting, be suspicious.
4. Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link. Look in the bottom left of your screen and see if the URL showing matches what appears in the email. If there is a discrepancy, don’t click on the link.
5. Requests personal information. If you receive an email requesting your personal information, it is probably a phishing attempt. In the case of the most recent incident, if you are already logged in to your Gsuite account, and a link is asking for your credentials or to authorize access, you should be very suspicious.
6. Unknown senders/recipients. Oftentimes phishing emails include recipients whose emails addresses are either fake or unknown to you. Always review the recipient and sender’s’ email addresses and if they don’t look familiar to you, it is probably a phishing attempt.

What to do if an email looks phishy:

1. Do not click on any links or download attachments from the email.
2. If the sender is someone you know, reach out to the sender separately (not via email!) to verify authenticity.
3. Report the incident to your to confirm.
4. Mark the message as spam.
5. Delete the message.
   

Remember – when in doubt, ask! Phishing attacks are getting more sophisticated

If you have any questions or would like to get more information on this topic, please reach out to us for a free security assessment!

Nicky Parseghian
Practice Director – G Suite / Cloud Search / Workplace
SADA Systems