Phishing is an easy, cheap and effective defrauding method. Chances are high that you've dealt with phishing attempts. When cyber criminals use email to deceive people into downloading a piece of malicious software or providing personal or financial information, that's called phishing.
More than 100 billion spam emails are sent each day worldwide, with email filters blocking only 10% of them. Of those, nearly half are opened, which is how phishing has become a multi-billion-dollar industry. Help protect yourself, your organization and your corporate data by using these five tips for spotting phishing attacks.
1. Linked URLs are different from the one shown.
Often the URL in a phishing message will appear to be valid at first glance. However, if you hover your mouse over the URL, you will see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, then the message is likely a phish. This is more difficult to see and validate on a phone or tablet.
2. Look for URLs that contain misleading domain names.
Criminals use this phishing technique to trick victims into believing that the message came from a company like Microsoft, eBay or the FBI. The phisher creates a child domain (subdomain) bearing the name of a well-known company like Amazon or Apple. The resulting domain name looks something like this: amazon.criminalphishingdomainname.com. It is the last part of the domain name that gives it away: in the previous example, criminalphishingdomainname.com. Anything before this is meaningless or just misleading.
3. Beware of messages that ask for personal information.
Regardless of how official or convincing the email message looks, if it is asking for confidential information you should be on high alert. Your bank doesn’t need you to send them your account number. Similarly, your credit card company should never send an email asking for your password, credit card number, or the answer to a security question.
4. If it seems too good to be true ...
You know the old familiar saying, and it is especially true when it comes to email messages. If you receive a message from someone who is making big promises, then the message is probably a con.
5. Watch out for messages demanding you take immediate action.
Another phishing technique is to trick you into clicking a link by urging you to take immediate action – the message may state that your account has been closed or put on hold, or that there’s been fraudulent activity that requires your immediate attention. It is conceivable that you will receive a legitimate message asking you to take action on your account. But to be safe, don’t click the link in the email, no matter how genuine it appears to be. Instead, log into the account in question directly by visiting the appropriate website, then check your account status.
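Tips 1 and 2 can also be checked automatically, which helps on phones and tablets where hovering is not possible. The following Python sketch is an added example, not part of the original article: it flags links whose displayed address and real target belong to different domains, and links that carry a brand name only as a subdomain. The suffix set, the brand list, the function names and the sample message are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}  # assumption: stand-in for the Public Suffix List
BRANDS = {"amazon", "apple", "microsoft", "ebay"}  # assumption: watch list from the article's examples

def registered_domain(host):
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])  # the "last part" that tip 2 says to read

def host_of(text):
    # Hostname of a URL or URL-like single token; None for ordinary words.
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host and "." in host and len(text.split()) == 1 else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.links = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def audit(html):
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, shown in collector.links:
        target, shown_host = host_of(href), host_of(shown)
        if target is None:
            continue
        real = registered_domain(target)
        if shown_host and registered_domain(shown_host) != real:  # tip 1
            findings.append(("display-mismatch", shown, real))
        sub = target.split(".")[:-len(real.split("."))]
        findings += [("brand-in-subdomain", b, real) for b in sorted(BRANDS & set(sub))]  # tip 2
    return findings

SAMPLE = ('<a href="http://login.example.net/reset">https://www.mybank.example.com/reset</a>'
          '<a href="https://amazon.criminalphishingdomainname.com/signin">Sign in</a>')  # constructed
```

Calling `audit(SAMPLE)` reports one finding per link; production tooling should replace the small suffix set with the full Public Suffix List so that hosts such as `amazon.evil.co.uk` are split correctly.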