Don’t Get Hook’d


As we approach the end of 2018, a year that saw global companies fall prey to malicious attacks and millions of individuals’ personal information stolen, we look back and wonder what, if anything, could have been done to stop such acts of malice. One word that comes up is phishing. By the end of 2017, the average user was receiving 16 malicious emails per month, according to the Symantec 2018 ISTR survey. According to the Wombat 2018 State of the Phish, 76% of organizations say they experienced phishing attacks in 2017.

What is Phishing?

As one of the most common types of cyber-attack, if not THE most common, phishing attempts are often targeted at large organizations to obtain confidential information. However, large organizations are not the only ones at risk; individuals are too. Phishing is defined as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” Phishing attempts are delivered straight to employees’ email inboxes and can impersonate reputable companies or even another member of the same company.

4 Steps You Can Take To Avoid Phishing Attempts

Phishing attacks can be somewhat difficult to spot, but the more informed an individual is, the greater the chance they’ll notice these malicious emails and avoid falling prey to such attacks.
    • NEVER provide sensitive information via email, such as passwords, usernames, credit card numbers, etc.
Some not-so-sneaky phishing attempts go straight for the prize: they’ll simply ask you to provide your username and/or password to confirm your identity.
    • Inspect URLs to ensure they’re legitimate websites
Inspecting a URL is easy: hover over the link with your mouse and the URL should pop up, where you can examine it further. Look for misspellings of actual sites, such as www.yourrcompany.com (notice there are two R’s in the address). Attackers may also display one link, such as www.yourcompany.com, but when inspected, the URL may prove to be another, such as www.phishingattempts.com.
    • Do not click on attachments from senders you don’t recognize or documents you are not expecting to receive.
Malicious attachments often come in the form of invoices or commonly named documents. If you weren’t expecting a document, it’s best practice to resist opening it.
    • If you are even a little bit suspicious of the email, check the sender’s email address.
Phishing attempts typically impersonate reputable companies or even colleagues of yours. When in doubt, check the sender’s email and again be vigilant for small mistakes in the sender’s email address. It may look like the email is coming from jake@yourcompany.com, but in fact it is coming from jake@yourrcompany.com (there are those two R’s again). Some senders will not attempt to hide or spoof their email address; they may only adjust the display name to resemble a known colleague.
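
The URL and sender checks in the steps above can also be run automatically when triaging a reported message. The following Python is an added example, not code from the original post; the `TRUSTED` list, the 0.85 similarity threshold, the function names and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED = {"yourcompany.com"}  # assumption: domains your organization really uses

def domain_in(text):  # first domain-looking token, scheme and "www." dropped
    m = re.search(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    return m.group(1) if m else ""

def lookalike(domain):  # untrusted but nearly identical to a trusted domain
    return domain not in TRUSTED and any(
        SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_email(raw):  # findings for the From address and every HTML link
    msg, findings, parser = message_from_string(raw), [], LinkCollector()
    # parseaddr returns the real address, ignoring whatever the display name says
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if lookalike(sender):
        findings.append(("lookalike-sender", sender))
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
    for href, text in parser.links:
        shown, target = domain_in(text), domain_in(href)
        if shown and shown != target:  # displayed address differs from the real one
            findings.append(("link-mismatch", shown, target))
        if lookalike(target):
            findings.append(("lookalike-link", target))
    return findings

SAMPLE = ("From: Jake <jake@yourrcompany.com>\nContent-Type: text/html\n\n"  # constructed
          '<a href="http://www.phishingattempts.com/login">www.yourcompany.com</a>')
print(check_email(SAMPLE))
```

Subdomains are compared as written, so each legitimate one must be listed in `TRUSTED`; display-name-only spoofing is not covered because it needs a directory of known colleagues.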

Think your site may have been compromised due to a phishing attack? Contact us, and we’ll be more than happy to assist in any way we can.