Phishing is an evolving attack strategy, which makes it challenging for regular users to stay vigilant. Cybercriminals play on common urgencies that arise in everyday life. Phishing scams often combine multiple methods of deception within a single attack, frequently using link manipulation and website forgery to make the scam as convincing as possible. Regardless of what the message says, the objective is the same: to convince you to take some type of direct action. Here are some common phishing ploys that millions of users receive constantly:
In each of these cases, you should have hit the DELETE button. The problem is that even when users doubt the legitimacy of these messages, they still click them on the remote chance that they might be real. You should verify an action-oriented email.
The best way to confirm the legitimacy of a suspicious email is to disconnect from the email before acting on it. For instance, you can quickly confirm a problem with your account by simply logging in to it using a fresh web browser page. Upon logging in, the site will immediately alert you to any problems with your account at that time. If you have made a recent purchase on an account, then you will see it in your order history. If you have never heard of the company issuing you the invoice, do a quick web search on them, and contact them using that information. If you ever receive an email from the IT support team that asks you to do something that seems out of character, pick up the phone or initiate a new email thread to ask for confirmation. Chances are that your IT team will never ask “you” to do anything because it is their job to update your computer.
Never click an embedded link to a well-known website. Pull up a fresh browser and go to the site. Never call an included phone number. Go to the company’s website and find the support number or initiate a chat session. You should also not click on an attachment unless you absolutely trust the source and purpose of it. In other words, if you think the email is alerting you of something real, treat the email as simply an alert. Then take separate action outside of the email itself.
The most common action that cybercriminals want you to take is to click some type of phony or manipulated link. If you feel compelled to click an embedded link rather than making a separate connection using a fresh web browser page, you should at least take this simple precaution. Hover your mouse over any embedded links, images or navigation buttons to ensure that the links go where you expect them to go.
Cybercriminals often use the names of the same well-known companies over and over again, as most people have an account with one or more of these firms. These include Microsoft, UPS, Apple, FedEx, the IRS, Google, Amazon, Netflix, etc. Because of the frequency of attacks involving their names, most of these companies have a page dedicated to helping users identify whether an email using their name is legitimate. These companies often make it clear that they will never ask you to do things such as:
If you do happen to click on a link or attachment and realize you were duped, you should take these simple measures ASAP.
In addition to a healthy dose of skepticism and cyber hygiene, you should be using some type of advanced email security system such as SpamTitan. This intelligence-based solution utilizes advanced phishing protection, double antivirus protection and proven spam blockers just to name a few features. SpamTitan takes much of the deliberation about email legitimacy out of the equation because it eliminates most of it before it hits your inboxes.