Most people have been the victim of a phishing attempt, even if they don’t know what “phishing” means. Google dictionary defines phishing as: “The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
Phishing is a form of social engineering: an attempt to use person-to-person skills to obtain information to which the attacker is NOT entitled.
While email programs have gotten better at identifying this type of unsolicited email, they are not perfect, and in most cases a years-old business email address will get dozens if not hundreds of phishy solicitations every year.
Here are a few things to help identify a phishing attack:
- Emails with generalized or incomplete greetings. Phishing emails often include generic or incomplete greetings, such as “Hello Customer” rather than using the recipient’s actual name.
- Emails requesting personal information. Most legitimate companies will never ask customers for login credentials or other private information by sending a link to a website in an email.
- Emails requesting an urgent response. Most phony emails attempt to create a sense of urgency and importance. Often, they offer a deal that expires “very soon” in an attempt to get you to act before you think it through. Don’t do it!
- Emails with spoofed links. Move your mouse pointer over the link and hover there to verify the link matches the text before you even think about clicking.
- Emails from someone you know that you weren’t expecting. If the email appears to be from someone you know, but you weren’t expecting it, verify by phone or other means that they sent it before you click the links.
Desert Sky IT offers 1-2 hour training courses to help your staff identify and protect against phishing and other attacks. To schedule a free consultation, call us: (520) 352-7557