Before learning how to avoid phishing and other fraud schemes, what is phishing? Phishing is when an attacker crafts an email that looks like a real one, with calls to action and genuine-looking content, but once a button or link is clicked or an attachment is opened or downloaded, malicious code runs that exploits vulnerabilities and gains access to administrative functions. A successful phishing email opens the affected computer to outside control, which in turn allows access to the network that computer resides on. This provides the basis for multiple breaches, both of the local user's accounts and data and of the entire network that the computer has access to.
How do you spot a phishing email? It is not as easy as it used to be. Hackers have gotten clever in how they design the emails to make them look more legitimate. Phishing emails will often have the following characteristics:
- Ask for a username and password
- Are unexpected but appear to come from a trusted source
- Contain content that urges the user to act promptly (click links, download files, call phone numbers, etc.)
- Look like they come from Accounting, HR, an IT department or from a friend or contact of the user
- Include grammatical errors
- Contain email addresses that differ between the header and the body (e.g. @ourcompany-othersite.com, or a lookalike domain such as @gmailll.com)
- Have links that show a different destination when you hover over them
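The last two indicators above (sender addresses that differ between headers, and links whose visible text names a different site than their actual destination) can be checked mechanically. The following is an added example, not code from the original post; it parses a constructed sample message (not a real email) and reports those two mismatches using only the Python standard library.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message showing two indicators from the list above:
# a Reply-To domain that differs from the From domain, and a link whose
# visible text names a different site than its href.
SAMPLE_EMAIL = """From: IT Helpdesk <helpdesk@ourcompany.com>
Reply-To: support@ourcompany-othersite.com
Subject: Action required: verify your password
Content-Type: text/html

<p>Please <a href="http://login.gmailll.com/verify">ourcompany.com/portal</a> now.</p>
"""

def domain_of(value: str) -> str:
    """Return the lowercase host part of a URL or email address ('' if none)."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", value, re.I)
    if m:
        return m.group(1).lower()
    return value.rsplit("@", 1)[1].lower() if "@" in value else ""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw: str) -> list[str]:
    """Return findings for header-domain and link-destination mismatches."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    collector = _LinkCollector()
    collector.feed(msg.get_payload())  # single-part message: payload is the HTML body
    for href, text in collector.links:
        shown = domain_of(text if "://" in text else "http://" + text)
        if shown and domain_of(href) != shown:
            findings.append(f"Link text shows {shown} but points to {domain_of(href)}")
    return findings
```

Run `phishing_indicators(SAMPLE_EMAIL)` to see both findings; a mail gateway or user-reporting workflow could apply the same checks to incoming messages before anyone clicks.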
To read more on how to protect your practice from phishing breaches, visit our Cyber Liability Insurance page by clicking the button below:
Check back on the ECMA Blog next week to learn what steps you need to take if you receive a phishing email.