Phishing: Don’t Get Caught by the Bait

Another client got a little confused by a phishing scam recently. Thankfully, they knew the signs and contacted our IT team, but we’ve had other clients that weren’t so lucky. So here is a little refresher course for all of us.

What is phishing?

Phishing is an attempt to get sensitive information, such as passwords and credit card numbers, from you. The communication often looks or sounds like it comes from a legit person or organization.


Why isn’t my SPAM blocker protecting me?

SPAM is typically a message sent to thousands of addresses by an automated program from a bogus server. Phishing messages are usually sent specifically to you from a legitimate email system (Gmail, Hotmail, Skype, etc.) by a living person, so they are difficult to distinguish from a typical message. You can respond to the phishing message, and typically someone will personally answer you within a few minutes. It's part of the scam to make the message seem legitimate (for example, a message from a "Mail Admin" account).


Is there anything I can do to protect my business?

You (the end user) are the most effective defense. Tell your staff to use extreme vigilance when opening documents from untrusted or unknown sources. 

A few simple rules will help your team:

  • Never send anyone money if requested through email.
  • Don’t send personal information through email.
  • Check the email address. Cybercriminals will often use display names that look familiar, so you need to look at the actual email address.
  • Check link addresses before clicking. You can usually hover over a link to see where it is about to take you. If the address does not belong to the sending organization, don’t click it.
  • Emails that use poor grammar and spelling are suspicious; treat them that way.
  • Realize that agencies like the US Treasury and vendors like Microsoft aren’t going to call you, Ed McMahon didn’t send you the winning sweepstakes notification as an email attachment, and you really don’t have $5.3M in diamonds held personally by a Nigerian Prince who just needs your credit card number to cover the shipping costs.
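
The "check the email address" and "check link addresses" rules above can also be applied automatically to a saved message. The following is an added example, not part of the original article: the sample message, its domains, and the function names are all constructed for illustration, and the organization's real domain is assumed to be known in advance.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Example Bank Support" <mail.admin.4471@freemail.example>
To: you@yourcompany.example
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://login.examp1e-bank.example/verify">sign in to examplebank.example</a>
or read our <a href="https://www.examplebank.example/help">help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every <a> tag, not the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def same_org(host, org_domain):
    """True only if host is org_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def check_message(raw, org_domain):
    """Return warnings for the sender's actual address and each link's actual target."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    warnings = []
    sender_host = addr.rpartition("@")[2]
    if not same_org(sender_host, org_domain):
        warnings.append(f"sender: '{display}' is really {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        if not same_org(urlparse(href).hostname, org_domain):
            warnings.append(f"link: {href}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE, "examplebank.example"):
        print("SUSPICIOUS", w)
```

The display name and the visible link text both claim to be the bank, but only the parsed address and the `href` value are compared, which is the same thing a reader sees by expanding the sender and hovering over the link.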

We can train your staff and even create a few tests to see if your crew is likely to fall for phishing scams. Just let us know. We're a Nashville IT company with over a decade of experience, and we'd love to help you get your IT problems off of your mind.
