Protect Yourself from Being Hooked by a Phishing Scam

by Brett McCuddy, TrinSoft 

What is Phishing?

Phishing occurs when a cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses. 

  • Designed to trick you into clicking a link or providing personal or financial information
  • Often in the form of emails and websites
  • May appear to come from legitimate companies, organizations or known individuals
  • Take advantage of natural disasters, epidemics, health scares, political elections or timely events

Types of Phishing

  • Mass Phishing – Mass, large-volume attack intended to reach as many people as possible
  • Spear Phishing – Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
  • Whaling – Type of spear phishing attack that targets “big fish,” including wealthier individuals and those with a great deal of authority or access.
  • Clone Phishing – Spoofed copy of a legitimate, previously delivered email. With this attack, the original attachments or hyperlinks are replaced with malicious versions, and the copy is sent from a forged email address so it appears to come from the original sender or another legitimate source.

Common Tactics

  • Notification from a help desk or system administrator - Asks you to take action to resolve an issue with your account (e.g., email account has reached its storage limit), which often includes clicking on a link and providing requested information.
  • Attachment labeled “invoice” or “shipping order” - Contains malware that can infect your computer or mobile device if opened. May contain what is known as “ransomware,” a type of malware that will delete all files unless you pay a specified sum of money.
  • Notification from what appears to be a credit card company or PayPal - Indicates someone has made an unauthorized transaction on your account. If you click the link to log in to verify the transaction, your username and password are collected by the scammer.

Phishing Example #1

  • Claims to include OneDrive document that has been shared with you
  • Sometimes utilizes the same HTML code for OneDrive emails
  • Includes hyperlink that points to fraudulent site

Phishing Example #2

  • Claims to come from PayPal
  • Includes PayPal logo, but the “From” address is not legitimate
  • Calls for immediate action using threatening language
  • Includes hyperlink that points to fraudulent site

Phishing Example #3

  • Claims to come from Office 365
  • Includes Office 365 logo, but the “From” address is not a legitimate email address (.onmicrosoft.com)
  • Calls for immediate action using threatening language
  • Includes hyperlink that points to fraudulent site
  • Utilizes DNS queries to confirm you are using Office 365 mail servers
  • Email addresses user personally
  • Spelling is correct with only minor grammatical errors

Detecting a Phishing Scam

  • Spelling errors (e.g., “pessward”), lack of punctuation, or poor grammar
  • Hyperlinked URL differs from the one displayed, or it is hidden
  • Threatening language that calls for immediate action
  • Requests for personal information
  • Announcement indicating you won something that you didn’t participate in

If you have cybersecurity concerns or questions, please contact us to learn more about how to protect yourself and your business.
