Photos by Hillary Ehlen and via Pexels
By Jamie Maguire
Presented by High Point Networks
High Point Networks is a value-added reseller (VAR) of information technology providing solutions to both the SMB and enterprise level markets in the upper Great Plains. They offer organizations best-in-class voice and data networking solutions, supported by the best professional services team in the region. Their solutions solve real challenges and provide measurable return on investment.
Email has become the de facto method for office communication, and the bad guys know it too. This has led to a common threat called phishing emails. A phishing email is an email that appears to come from someone you recognize, but really isn’t. The email might prompt you to reset your password by clicking on a link, contain an attachment that you’re supposed to open or may be just asking for a quick favor. In any case, it’s usually a scam and the bad guys may be trying to get you to download malware, give up your password or provide sensitive information. Let’s look at a few phishing emails that some of our customers have received.
The email looks like it’s coming from the helpdesk, but the email address in the “From:” field doesn’t match who you would expect to see in that field. The email explains that the recipient’s password is set to expire, and they need to follow the link and log in to keep their account. However, if we hover our cursor over the link (don’t click, just hover), a small window will pop up and show us where the link will take us: “hlpdsk.moy.su.” This should be a big red flag because it does not match the email address that the email was sent from. In addition, the end of the URL, the “.su,” tells us the website is registered under the country-code domain assigned to the Soviet Union, another red flag.
In addition to including links inside emails, scammers may try to embed a link inside a seemingly benign attachment. In such cases, the email itself is usually harmless, but includes an attachment that may prompt you to run a macro or click on a link. Most commonly these malicious attachments consist of Word documents, PDFs and Excel spreadsheets. Beware of any unfamiliar documents that prompt you to enable content or click links inside them.
As people have gotten better at scrutinizing URLs, the scammers have begun to use legitimate URL shortening services to hide the links. If you perform the hover test on a link and see a shortened URL from sites like tinyurl.com or ow.ly, exercise caution.
In this email, the scammers included the recipient’s password and attempted to blackmail the victim. The email explains that the reason the hacker has the victim’s password is because they infected the victim’s computer with malware. In addition to discovering the victim’s password, they go on to explain they have been spying on the victim and may have uncovered a few dirty secrets. The scammers are bluffing. They have simply gathered passwords from data breaches that have occurred elsewhere on the internet and matched them with email addresses. The scammers are counting on their victims reusing that same password and feeling guilty about their browsing habits.
Here Are Four Tips To Help You Identify Phishing Emails:
1. Slow Down
Slow down and read the email in its entirety. Phishing emails often contain grammatical errors, or just don’t quite make sense when read out loud.
2. The Hover Test
If an email is prompting you to click a link, move your cursor to hover over the link, but don’t click it. If you hover your cursor over the link, a small box should pop up that will show you exactly where the link is taking you. Make sure that the link makes sense in the context of the email.
3. Check The From Field
Always check the “From” field of an email carefully, and make sure the name and domain of the email address seem legitimate. For emails you receive on phones, this is a little trickier because you need to tap the name of the sender to see the full email address the message was sent from.
4. Check With IT
When in doubt, alert your IT staff to suspicious emails, even if you already responded to the email or clicked a link inside. Your IT staff should be able to check the email with you and determine if the email is legitimate or not.
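For IT staff checking a reported message, the From check, the hover test and the shortened-URL caution above can be scripted. The sketch below is an added example, not code from High Point Networks; the sample message, the `corp.example` domain and the finding labels are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "ow.ly"}  # the two services the article names

# Constructed sample modelled on the helpdesk email described above.
SAMPLE = """\
From: IT Helpdesk <helpdesk@mail-alerts.example>
Subject: Your password is set to expire
Content-Type: text/html; charset="utf-8"

<p>Your password is set to expire. <a href="http://hlpdsk.moy.su/login">Log in</a>
or use <a href="https://tinyurl.com/constructed">this form</a>.</p>
"""

class LinkHosts(HTMLParser):
    """Collects the host of every <a href>: what the hover test would reveal."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:  # mailto: and relative links carry no host
            self.hosts.append(host)

def same_org(host, domain):
    # True only for the expected domain itself or one of its subdomains.
    return host == domain or host.endswith("." + domain)

def triage(raw, expected_domain):
    """Return findings for one raw message; expected_domain is the org's own domain."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not same_org(from_domain, expected_domain):
        findings.append(f"from-domain-mismatch:{from_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkHosts()
    collector.feed(body.get_content() if body else "")
    for host in collector.hosts:
        if host in SHORTENERS:
            findings.append(f"shortened-link:{host}")
        elif not same_org(host, expected_domain):
            findings.append(f"link-host-mismatch:{host}")
        if host.endswith(".su"):
            findings.append(f"su-tld:{host}")  # the article's second red flag
    return findings
```

An empty list means none of these three checks fired, not that the message is legitimate; attachments and the wording of the message still need a human look.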
Not feeling confident? Contact High Point Networks to find out how your business will react to a customized email phishing campaign.