Protect Yourself from Being Hooked by a Phishing Scam

by Brett McCuddy, TrinSoft 

What is Phishing?

Phishing occurs when a cybercriminal attempts to steal personal and financial information or infect computers and other devices with malware and viruses. 

  • Designed to trick you into clicking a link or providing personal or financial information
  • Often in the form of emails and websites
  • May appear to come from legitimate companies, organizations or known individuals
  • Take advantage of natural disasters, epidemics, health scares, political elections or timely events

Types of Phishing

  • Mass Phishing – Large-volume attack intended to reach as many people as possible
  • Spear Phishing – Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
  • Whaling – Type of spear phishing attack that targets “big fish,” including wealthier individuals and those with a great deal of authority or access.
  • Clone Phishing – Spoofed copy of a legitimate, previously delivered email. With this attack, the original attachments or hyperlinks are replaced with malicious versions, and the copy is sent from a forged email address so it appears to come from the original sender or another legitimate source.

Common Tactics

  • Notification from a help desk or system administrator - Asks you to take action to resolve an issue with your account (e.g., email account has reached its storage limit), which often includes clicking on a link and providing requested information.
  • Attachment labeled “invoice” or “shipping order” - Contains malware that can infect your computer or mobile device if opened. May contain what is known as “ransomware,” a type of malware that will delete all files unless you pay a specified sum of money.
  • Notification from what appears to be a credit card company or PayPal - Indicates someone has made an unauthorized transaction on your account. If you click the link to log in to verify the transaction, your username and password are collected by the scammer.

Phishing Example #1

  • Claims to include OneDrive document that has been shared with you
  • Sometimes utilizes the same HTML code for OneDrive emails
  • Includes hyperlink that points to fraudulent site

 

Phishing Example #2

  • Claims to come from PayPal
  • Includes PayPal logo, but the From address is not legitimate
  • Calls for immediate action using threatening language
  • Includes hyperlink that points to fraudulent site

Phishing Example #3

  • Claims to come from Office 365
  • Includes Office 365 logo, but the From address is not a legitimate email address (.onmicrosoft.com)
  • Calls for immediate action using threatening language
  • Includes hyperlink that points to fraudulent site
  • Utilizes DNS queries to confirm you are using Office 365 mail servers
  • Email addresses the user personally
  • Spelling is correct with only minor grammatical errors

Detecting a Phishing Scam

  • Spelling errors (e.g., “pessward”), lack of punctuation, or poor grammar
  • Hyperlinked URL differs from the one displayed, or it is hidden
  • Threatening language that calls for immediate action
  • Requests for personal information
  • Announcement indicating you won something that you didn’t participate in

If you have cybersecurity concerns or questions, please contact us to learn more about how to protect yourself and your business.
