Phishing tricks email recipients into thinking an email comes from a known source such as a bank or utility company. You should never download any attachment or click any link unless you are certain of the source. We have seen numerous attackers disguise themselves as a real person or company. This type of attack began during the 1990s, has become more sophisticated since then and is still commonly used today.
What is Phishing and How Does it Work?
Phishing is an attack through email, SMS text messages, social networks or direct messages in an attempt to gain personal information including financial details, work history, activities and interests. We have seen phishers obtain email addresses, names, personal details pertaining to key employees and job titles. This information is used to target companies through an email containing malicious attachments or links. We urge you to be careful regarding any potentially fake emails.
Phishing emails may carry malicious software through links and attachments. The links lead to a malicious website controlled by the attacker. The intent is to install malware on your device or to trick you into revealing financial or personal information including credit card details, account IDs and passwords. However, you can prevent phishing attacks through an access management platform providing convenient and secure access such as Teamstack.
You should also use anti-phishing software, antivirus security, phishing security and email security for the best possible protection.
Examples of Phishing
There are several common types of phishing attacks that you and your employees definitely need to be aware of:
- Forged Links: Even if an email contains a recognizable name, the email may not be real. We recommend placing your mouse over the link to determine whether the address it points to matches the one shown in the email. Do not click the link if you see the slightest discrepancy. Above all, if the website link is HTTP as opposed to HTTPS, do not proceed because the site is not secure.
- Generic Greetings: Phishing emails often use generic titles such as Electric Utility Customer. In other words, if your name does not appear, be suspicious. We recommend calling the company directly.
- Urgency: If you receive an email attempting to make you act quickly due to urgency, it may be an attempt to steal your information.
- Personal Information Requests: Any email requesting personal information may be a phishing attempt. Once again, we recommend calling the organization directly.
- We encourage you to conduct a phishing mail test at your company and use Teamstack security software.
How to Recognize Phishing
Phishing emails often include a company name, company graphics and logos. There are clues you can use to determine if the email is fake. At Teamstack, we recommend looking for the following.
- Public email addresses as opposed to corporate emails
- Misspelled or suspicious URLs and subdomains
- A request for personal information
- Poorly written messages with grammatical errors
Types of Phishing
Based on the phishing channel, we can classify the types of phishing attacks into the following categories:
- Spear Phishing: This is an email crafted to appear authentic. We recommend looking for a reference to your name, personal information, location, company executive or co-worker.
- Clone Phishing: This attack reuses a legitimate email you have received in the past that contained an attachment or link. Attackers copy the email while replacing its attachments or links with malware attachments or malicious links. If you receive a clone phishing email, phishers may be in control of your system. We recommend tighter, cloud-based security such as what we offer at Teamstack.
- Whaling Attacks: Whaling targets an organization’s senior executives with the intent of stealing a large amount of money. These emails usually appear genuine. If the email seems to be from an executive with the intent of authorizing a large vendor payment, you should be very suspicious.
- Pharming: This attack depends on redirecting you from a legitimate site to a fake site and tricking you into logging in so that the attacker can steal your credentials.
- Twin Wi-Fi Attack: This attack uses a Wi-Fi access point advertised under a deceptive name that closely resembles one of the legitimate access points. If you connect, the attacker has access to all transmissions including your password and ID.
- Voice Phishing: Attackers carry out this attack over a telephone service or voice over IP. Speech synthesis software is used for leaving voicemails telling you there has been suspicious activity. We strongly recommend against using the phone number left on the message because it will be used to compromise your account. If you have any doubts, contact the company directly.
What to do if You Suspect Phishing
If you believe a phishing attempt has been made, we recommend taking the following steps:
- Do not open the email and do not reply at all
- Delete the email immediately
- Do not download any attachments
- Do not click on any links or attachments
- Report the phishing attempt
- Use the online complaint assistant for the Federal Trade Commission
Have you Already Responded to a Phishing Email? It is Not Too Late
Obtain protection against phishing attacks as quickly as possible. As an access management and cloud identity platform, Teamstack offers your company convenient and secure access. We work with more than 500 different applications to provide simple yet extremely effective phishing security. Email security is imperative for the protection of the business.
Five Steps to Protect Yourself from Phishing Attacks
- You can decrease the risk of phishing attacks by using caution while checking your emails. Never click on a link unless you are 100% certain of the authenticity. Remember, no legitimate organization including your bank will ever ask for personal information through an email. You can decrease your risks by using anti-phishing software.
- If you are suspicious, reread the email. Phishing emails often contain a lot of typos, exclamation marks and words typed in capital letters. Look for impersonal greetings such as Dear Madam or Sir or Dear Customer. You can spot the mistakes in the email if you are careful. A phishing mail test will determine how well employees respond to a phishing attack.
- Shortened Links: A shortened link may be a sign of a phishing attack. In addition to using phishing software, place the mouse over the email link to determine if the website matches the website listed in the email text.
- We recommend using extreme care if you receive an email with an urgent deadline or containing threats. A reputable business may occasionally require urgent action, for example after a data breach, but this is an exception and not standard policy. When an apparently legitimate company requires urgency or makes threats, it may be a phishing attempt. This is yet another reason antivirus security is critical. The most common threats are notifications regarding a fine or requests for action to prevent account closure. Ignore the email and contact the company directly.
- When a website address begins with https://, the browser’s address bar shows a security lock icon. The “S” is critical for both browsing and sending personal details online including your credit card details. At Teamstack, we strongly recommend against using unsecured or public Wi-Fi to enter your personal details, including when shopping or banking. You should never place convenience over your own safety. If you have any doubts, use the LTE or 3G/4G connection available through your mobile device.
Take care before it’s too late
Making an effort to spot insecure or questionable websites is worth every second of your time. Some of the major search engines are making the effort to label any website without the right protection. This does not mean you do not need additional protection for your business.