CAREERS  |  BLOG
How to Recognize a Phishing Attack Cybersecurity

How to Recognize a Phishing Attack

Don’t get hooked.

In a world of ransomware and data theft, phishing attacks remain one of the biggest cybersecurity threats to businesses.

According to the FBI’s 2017 cybercrime report, fraudulent emails resulted in a total loss of nearly $1.4 billion. Furthermore, Wombat Security (now part of Proofpoint) reported 76% of businesses were victims of phishing attacks in 2017.

How are phishing attacks so successful? The scammers behind them are masters of social engineering, the practice of manipulating people into handing over sensitive information such as passwords or credit card information. In phishing attacks, this is done by creating emails just convincing enough to gain users’ trust, and their data.

However, if you know the signs to look for in a phishing attack, you’ll know how to protect yourself and your organization. Check out the email below received by a security expert at our sister company, Pearl Insurance, and learn what common traits you should look for in a phishing email.

1. Sender address.

One immediate sign that an email is fraudulent is the sender address. While attackers cannot create email addresses with the domain name of the company they’re trying to imitate, they can create URLs that are similar enough to almost look legitimate. In this case, the attacker went with “secure.micra-soft.com,” but other scammers may use a .net, .org, or .co domain when the actual domain is .com. Always make sure the domain is correct, and if you’re not sure, search for the company on Google.

Some spearphishing campaigns may even come in the form of emails seemingly sent from your manager asking you to perform some task, such as purchasing a large amount of gift cards. While they may be able to spoof your manager’s name, they can’t spoof your manager’s actual email address. If the sender address doesn’t match your manager’s, it’s a scam.

2. Logos that don’t quite look right.

Reputable companies like Microsoft have access to crisp, clear versions of their logo, but attackers may not have that luxury. Look for grainy, pixelated images, or logos with misspellings like the email above.

3. Content.

Carefully read through the email and take time to understand what they’re asking from you. Most companies will flat-out tell you they will never ask for any of your personal information unsolicited, and that’s a good rule of thumb. Unless you requested to verify or change your information, don’t trust such requests.

Another common trait to look for in phishing emails is poorly written messages. Although not all phishing emails will contain them, misspellings (“here by”) and grammatical errors (capitalization in the middle of a sentence) are telltale signs of a phishing attack. Skimming the email may be habit, but not reading carefully could cost you in the long run.

4. Links.

Finally, beware links. First and foremost, do not click the link. Phishing attacks will typically include links that drive users to a form where they actually enter their personal information. In a manner of speaking, this is the scammer’s call to action. Hover your cursor over the URL—do not click the link—and you’ll notice the link doesn’t go to a legitimate website. In the case of the above email, the link’s URL is a jumbled mess of numbers and letters. Just like the sender address, if the address doesn’t contain the real company’s actual domain, it’s a scam. And again, do not click the link.

So it’s a scam. Now what?

Trash it. Delete it. Get rid of phishing emails however you can once you recognize them for what they really are. If you’re part of an organization with multiple users, alert your IT department of the email so they can notify all users of the attack. If they came after you, they may also come after your co-workers.

This article is for informational purposes only.

Related Blog Posts

One Disaster Recovery Tip
Cybersecurity

One Disaster Recovery Tip That Could Save Your Business

Imagine crafting a piece of ransomware, a masterpiece designed to stealthily penetrate defenses, encrypting everything in its path, rendering data inaccessible to its rightful owners. The attack begins with phishing emails, exploiting software vulnerabilities, or brute-forcing weak passwords. Once inside,

Read More »
Tips to Help Protect Your Data
Cybersecurity

Tips to Help Protect Your Data

Given the recent AT&T data breach, Anthony Mini recommends the following:
1. Monitor your accounts with identity protection services.
2. Check the status of your e-mail accounts that have been exposed to other breaches using the website: https://haveibeenpwned.com/.<br

Read More »
Pearl Technology Hosts Operation Boomerang Cybersecurity
Cybersecurity

Pearl Technology Hosts Operation Boomerang

Those who attended today’s Operation Boomerang at Peoria’s Riverfront Museum learned some practical tips to stay safe from scammers. The event, which was geared toward protecting seniors from cybercrime, had a great turnout, and attendees walked away with information they

Read More »