Protect Yourself from Being Hooked by a Phishing Scam

by Brett McCuddy, TrinSoft 

What is Phishing?

Phishing occurs when a cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses. 

  • Designed to trick you into clicking a link or providing personal or financial information
  • Often in the form of emails and websites
  • May appear to come from legitimate companies, organizations or known individuals
  • Take advantage of natural disasters, epidemics, health scares, political elections or timely events

Types of Phishing

  • Mass Phishing – Mass, large-volume attack intended to reach as many people as possible
  • Spear Phishing – Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
  • Whaling – Type of spear phishing attack that targets “big fish,” including wealthier individuals and those with a great deal of authority or access.
  • Clone Phishing – Spoofed copy of a legitimate, previously delivered email. With this attack, the original attachments or hyperlinks are replaced with malicious versions, and the copy is sent from a forged email address so it appears to come from the original sender or another legitimate source.

Common Tactics

  • Notification from a help desk or system administrator - Asks you to take action to resolve an issue with your account (e.g., email account has reached its storage limit), which often includes clicking on a link and providing requested information.
  • Attachment labeled “invoice” or “shipping order” - Contains malware that can infect your computer or mobile device if opened. May contain what is known as “ransomware,” a type of malware that will delete all files unless you pay a specified sum of money.
  • Notification from what appears to be a credit card company or PayPal - Indicates someone has made an unauthorized transaction on your account. If you click the link to log in to verify the transaction, your username and password are collected by the scammer.

Phishing Example #1

  • Claims to include OneDrive document that has been shared with you
  • Sometimes utilizes the same HTML code for OneDrive emails
  • Includes hyperlink that points to fraudulent site

Phishing Example #2

  • Claims to come from PayPal
  • Includes PayPal logo, but from address is not legitimate
  • Calls for immediate action using threatening language
  • Includes hyperlink that points to fraudulent site

Phishing Example #3

  • Claims to come from Office 365
  • Includes Office 365 logo, but from address is not a legitimate email (.onmicrosoft.com)
  • Calls for immediate action using threatening language
  • Includes hyperlink that points to fraudulent site
  • Utilizes DNS queries to confirm you are using Office 365 mail servers
  • Email addresses user personally
  • Spelling is correct with only minor grammatical errors

Detecting a Phishing Scam

  • Spelling errors (e.g., “pessward”), lack of punctuation, or poor grammar
  • Hyperlinked URL differs from the one displayed, or it is hidden
  • Threatening language that calls for immediate action
  • Requests for personal information
  • Announcement indicating you won something that you didn’t participate in

If you have cybersecurity concerns or questions, please contact us to learn more about how to protect yourself and your business.
