Phishing
"Phishing" refers to type of social engineering attack that attempts to steal sensitive information such as usernames, passwords, credit card numbers, and bank account information.
Phishing messages are specifically crafted to mimic a real company that you would trust but they are not legitimate messages. These messages may be things like a password reset, a job offer, or an account deactivation. Its important to remember that a company will never randomly send you one of these messages. If you did not initiate a password reset, account deactivation, or anything along those lines, then the message is fraudulent.
A good rule of thumb to follow is that if something seems to good to be true, then it probably is. The best way to deal with these messages is to delete them and block the sender.
Here is an example of a phishing email:
Identifying Phishing - 7 Red Flags
When it comes to identifying phishing scams be on the lookout for.
Red Flag #1 - Urgent or Threatening Language
Remember: Real emergencies don’t happen over email or text.
Watch out for: Pressure to respond, Threats of closing account or taking legal action.
Red Flag #2 – Requests for sensitive information
Remember: Anyone asking for personal information over email or text probably shouldn’t be trusted with it, anyway.
Watch out for: Links directing you to login pages, Requests to update account information, Demands for your financial information (even from your bank!).
Red Flag #3 – Anything too good to be true
Remember: Winning a lottery is unlikely. Winning a lottery that you didn’t enter is impossible!
Watch out for: Winnings from contests you never entered, Prizes you have to pay to receive, Inheritance from long-lost relatives, Job offers you didn’t apply for, Gift card offers.
Red Flag #4 – Unexpected emails
Remember: Expect the unexpected, report it and then send it to the trash.
Watch out for: Do you know the sender? Receipts for items you didn’t purchase, Updates on things you didn’t order.
Red Flag #5 – Information mistakes
Remember: Searching for clues in a phishing email or text puts your love of true crime podcasts to good use.
Watch out for: Incorrect (but similar) sender email addresses, links that don’t go to official websites, Spelling or grammar errors (beyond the off typo a legitimate organization would miss).
Red Flag #6 – Suspicious attachments
Remember: Attachments might seem like gifts for your inbox. But just like real gifts, there not always good…
Watch out for: Attachments you didn’t ask for (such as contracts and invoices), Weird file names, Uncommon file types (.docm, xlsm, .pptm, .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .jar).
Red Flag #7 – Unprofessional design
Remember: For some reason, hiring a graphic designer isn’t on a cyber criminal’s priority list.
Watch out for: Incorrect or blurry logos, Image-only emails (no highlightable text), Company emails with little, poor or no formatting.
Malware & Ransomware
Within these phishing messages, it is key to remember to never click any links or download anything the sender attached. These links or files are almost always a form of malware. Malware, short for malicious software is a term used to describe any kind of computer virus or harmful program, these malwares are often used to steal sensitive information, or break your system entirely.
Ransomware is malware that uses encryption to hold a victims information ransom. Information like bank account information would be encrypted, and the cyber criminal would be asking for money to order to unlock it.
What Can You Do?
When receiving e-mails with links and attachments always be very careful to trust the message and the attachment before opening the attachment.
Things you can do: