© Copyright 2021. CBIZ, Inc. NYSE Listed: CBZ. All rights reserved.
Article reprinted from Summer 2021
Risk Management
5 Tell-Tale Signs of Phishing
Phishing is the fraudulent practice of sending emails
claiming to be from reputable companies to induce
individuals to reveal personal information. As hackers
get better and better at their game, it’s important to know
how to spot a suspicious email to help your business avoid a
cyber breach.
The following are five tell-tale signs of phishing attempts:
1. Suspicious Sender Address
One of the easiest signs to spot is a fake sender address.
However, fake addresses can sometimes appear legitimate because
many hackers use generic email domains like Yahoo or Gmail.
Spoofing, the art of using lookalike and cousin domains,
is another warning sign. Attackers purchase email domains
with similar names and extensions, such as .biz, .net, or .co.
Inspect the “from” address to see if it has a letter or symbol
out of place; this is a good indication it’s bogus.
2. Generic Salutation & Sign-Off
Another strong sign of a phishing attempt is when the
message content addresses the email receiver as a generic
person or business rather than an individual. Emails with
generic salutations will typically begin “Dear Customer”
or “Dear Mrs.” Many of these emails will sign off with a
department name or customer service title instead of the
sender’s real name and contact information.
3. Subject Lines that Raise Concern
Scare tactics are used to get the reader to open the
email and download files or click into websites. These subject
lines are often designed around updates required for your
computer (immediately) or a payment that urgently needs to
be made. Another common example is “Your password has
expired.” Also, examine the subject line for spelling errors and
poor grammar.
4. Fake File Attachments
A well-thought-out phishing attempt can look completely
normal but have odd attachments. These attachments may
appear like a PDF file or Word document, but they’re really just
an image with a hidden URL. These can redirect you to fake
login screens, meeting invitations or Zoom logins.
5. Use of URL Shorteners
Hackers will sometimes disguise rogue URLs by using URL
shorteners. Before clicking on the link, hover over it and look
for misspellings and how the URL ends. For example, “.ru”
on the end means the site was created in Russia and “.br”
means Brazil. If you weren’t expecting an email from a foreign
country, don’t open it.
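The checks for signs 1, 2, 3 and 5 can also be run automatically over a raw message, as in the following added example, which is not part of the original article. The domain lists, the 0.85 similarity threshold, the phrase patterns and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; replace them with your organization's own.
TRUSTED_DOMAINS = {"example-bank.com"}
FREE_MAIL = {"gmail.com", "yahoo.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|mrs)\b", re.I | re.M)
URGENT_SUBJECT = re.compile(r"password has expired|urgent|immediately", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def lookalike(domain):
    """Return the trusted domain that `domain` resembles without matching it."""
    for good in TRUSTED_DOMAINS:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good

def phishing_signs(raw_email):
    """List the warning signs found in one raw email message."""
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_type() == "text/plain")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = []
    if domain in FREE_MAIL:
        signs.append("sender uses a generic email domain")
    if lookalike(domain):
        signs.append(f"sender domain resembles {lookalike(domain)}")
    if GENERIC_GREETING.search(body):
        signs.append("generic salutation")
    if URGENT_SUBJECT.search(msg.get("Subject", "")):
        signs.append("subject line raises concern")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            signs.append(f"link uses URL shortener {host}")
    return signs

# Constructed sample message, not a real email.
SAMPLE = """From: Customer Service <support@examp1e-bank.com>
Subject: Your password has expired

Dear Customer,
Update your account immediately: https://bit.ly/EXAMPLE
"""
```

Calling `phishing_signs(SAMPLE)` returns one entry per sign found; an empty list means none of these four checks fired, not that the message is safe.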
If it feels off, don’t open it!
A phishing message will always strive to look like a
legitimate message from an organization or individual. The
same fonts, logos and branding colors are used in these
emails to fool people. They also exploit basic human instincts
by crafting messages that play on a victim’s emotions.
When you click into these messages or URLs, you could
be stuck with some kind of malware that could take over
your devices for a long time. Further, the cyber criminal
could learn important information about you, such as your
banking and other financial information.
If you think you’ve been involved in a phishing
scam, received fraudulent charges or become a victim
of identity theft, refer to the Federal Trade Commission for
more information.
CBIZ RISK MANAGEMENT TEAM