Kylie Addison Sabra
October 9, 2019
Phishing has many forms. We were briefly introduced to Jane in Phishing – Up Close and Personal with the Phisherfolk. You likely are far more acquainted with her than you may realize. She is the most prolific of the phisherfolk and has a fondness for bringing loads of dynamite for her phishing expeditions. Spear phishing is just too much trouble for her. She would much rather pluck her stunned victims from the sea en masse by sending email attacks to millions at a time. She’s not looking to target any one. She’s after anyone.
Should I serve pineapple or tartar sauce with this email?
We get spam every day. Our mailboxes, both physical and virtual, are chock full of the stuff. That is why we open our daily mail over the garbage can and have spam filters on our computers. By definition, spam is commercial in nature, unsolicited and not generally intended to cause harm–unless you consider wasting your money on useless, ineffective products or get-rich-quick schemes harmful. Keep in mind that even the best spam filters can’t keep 100% of spam out of your inbox. Don’t click on anything in the email, delete it and move on. Deep down you know you don’t have a long-lost uncle in Kathmandu who is just dying to give you millions. Right?
But, when is spam more than spam? When it is a phishing attempt. As annoying as real spam is, it is also an unwitting vehicle for phisherfolk, like Jane, to ferry their way into your world. Phishing requires more thought on your part. And, since spam is the preferred mode of transportation for the phisherfolk, it requires more thought as well.
Email phishing poses a serious risk to your company. “An in-depth investigative study by Better Business Bureau (BBB) finds that business email compromise scams are skyrocketing in frequency and have cost businesses and other organizations more than $3 billion since 2016.”
“Is That Email Really From the Boss? A BBB Study of Business Email Compromise Scams.” BBB, Better Business Journal, 28 Sept. 2019
How to protect yourself from email phishing.
Install anti-spam, anti-virus software.
For Zen Techworks Total Zen clients, we manage these details for you–from procurement to implementation to ongoing monitoring.
Check the email header.
This is usually your first clue that something is off. Phishing emails often appear to come from businesses we know and trust. It can be easy to react without proper thought because we feel comfortable with them. It could be a bank, even your bank, telling you your account has been hacked. It may be Facebook or Best Buy telling you that you need to update your payment information or change your password.
Take a closer look at the email address in the header. If it says it’s from Chase, then it should read @chase.com. Likewise, any email coming from a company should read @companyname.com. Anything else is a red flag. And, to make matters worse, clever phisherfolk know how to make that header look just fine.
Abstinence is the sure-fire way to avoid phishing schemes. You absolutely cannot go wrong by NOT clicking on an email link. Ever. Seem extreme? Your bank, Best Buy and any other reputable company offer a means to access your account information by going directly to their website. There is no need to use an email link to get there.
Beware of Calls to Action:
Anything that asks you to submit personal information or even click on a link is suspect. Delete it.
Hover over links.
Hold your mouse over the link in the email. Hover. Don’t click. Take a peek at the lower left-hand side of your monitor. You will notice that you can see what the link really says. So, the link in the email reads @chase.com. Lovely. Oh wait. The highlighted link actually says @gotyasucka.com? Probably not legitimate. Oh if only they were that direct!
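The header check and the hover check described above can also be run by a program over a saved message. The following Python is an added example, not code from the original post or from Zen Techworks; the sample message, the `chase-secure.example` sender and the names `check_message`, `same_org` and `LinkCollector` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample, not a real email. gotyasucka.com is the page's joke domain.
SAMPLE = """\
From: "Chase Online" <alerts@chase-secure.example>
Subject: Your account has been hacked
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://gotyasucka.com/login">https://www.chase.com/verify</a> now.</p>
<p><a href="https://www.chase.com/help">Help center</a></p>
"""
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def same_org(host, expected):  # True if host is expected or a subdomain of it
    host, expected = host.lower().rstrip("."), expected.lower()
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw, expected_domain):
    """Return findings for the header check and the hover check."""
    findings = []
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not same_org(sender_domain, expected_domain):  # header check
        findings.append(("from_mismatch", sender_domain))
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # hover check: shown text vs real target
        shown, host = DOMAIN_RE.search(text), urlparse(href).hostname or ""
        if shown and not (same_org(host, shown[0]) or same_org(shown[0], host)):
            findings.append(("link_mismatch", shown[0], host))
    return findings
```

A From address that passes the header check is only a first clue, since the header itself can be made to look fine; the link check compares what the reader sees with where a click would actually go.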
Call the grammar police.
It’s unlikely that major corporations will put out mass emails with typos and grammatical errors. An email with even one or two might quirk a brow. No clicking.
In summary, take a deep breath and think before you click. Jane baits her hooks with fear and greed. She is the drama queen and is skilled at piquing emotions. Zen Techworks customers enjoy employee training, security software and peace of mind that we have them covered. They even get a “Report Phishing” button.
There is no need to be fearful of your email–just considerate.
Time Out For Fishing
The Federal Trade Commission has put together some fun games that teach phishing awareness. Give this one a try: Phishing Scams–Avoid the Bait. The FTC asks, “Will you live to fish another day?”