k_Street Consulting, LLC Blog

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from , right? Well, if you get an email about your password or telling you to log into your account and it’s from , you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from or emails from PayPal might come from . It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.
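
If you want to automate the same check (say, in a mail filter or a training tool), here is an added example that is not part of the original post. It pulls out the host name a browser would actually connect to and tests whether it is the expected domain or one of its subdomains. `EXPECTED_DOMAIN` and the function names are illustrative, and the sample links are the examples from the list above.

```javascript
// Added example: decide whether a link really belongs to the domain you expect.
// EXPECTED_DOMAIN and all function names here are illustrative assumptions.
const EXPECTED_DOMAIN = "paypal.com";

// Return the lowercase host a browser would contact, or null if unparsable.
function linkHost(link) {
  // The post writes links without a scheme; add one so the URL parser accepts them.
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(link) ? link : "https://" + link;
  try {
    // The parser lowercases the host; also drop a trailing root dot if present.
    return new URL(withScheme).hostname.replace(/\.$/, "");
  } catch {
    return null;
  }
}

// True only when host is the domain itself or ends with "." + domain.
// The leading dot matters: a plain suffix match would accept "notpaypal.com".
function belongsTo(host, domain) {
  if (!host) return false;
  return host === domain || host.endsWith("." + domain);
}

function checkLink(link, domain = EXPECTED_DOMAIN) {
  const host = linkHost(link);
  return { link, host, trusted: belongsTo(host, domain) };
}

// Sample links taken from the list in the post.
const samples = [
  "Paypal.com",
  "Paypal.com/activatecard",
  "Business.paypal.com",
  "Business.paypal.com/retail",
  "Paypal.com.activecard.net",
  "Paypal.com.activecardsecure.net/secure",
];

for (const s of samples) {
  const r = checkLink(s);
  console.log(`${r.trusted ? "OK     " : "SUSPECT"} ${r.host}  <- ${s}`);
}
```

The first four links come back as OK and the last two as SUSPECT, because their host names end in activecard.net and activecardsecure.net rather than paypal.com.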

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at k_Street Consulting, LLC. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

Sunday, August 25 2019