Technology

Recognizing Phishing Emails – Stay Safe

21 Aug 2018
David McDowell
email, phishing, recognizing phishing email

Recognizing Phishing Emails is the Key to Staying Safe

Phishing emails are becoming much more common.  No one is immune.  If you have an email account, you will receive a phishing email at some time or another.  So, what exactly is phishing and how do you recognize it?

“Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.”  Webroot

“The term ‘phishing’ is a spin on the word fishing, because criminals are dangling a fake ‘lure’ (the email that looks legitimate, as well as the website that looks legitimate) hoping users will ‘bite’ by providing the information the criminals have requested – such as credit card numbers, account numbers, passwords, usernames, and more.”

Many phishing emails bypass anti-virus software because the email itself contains no malicious content. Rather, it is the link within the email that, when followed, leads to a spoofed website that asks the user to log on or, as in the case below, to a legit site that hosts a malicious file. Once you log on to the fake site, your user name and password have been recorded. So, learning to recognize and question phishing emails is extremely important. In addition to phishing, file downloads that use third-party sites to host the malicious file are an increasing threat. Remember, cyber criminals work full time trying to trick you.

Phishing Emails, Malicious files – How Do You Recognize Them?

Office 365 Phishing email

A phishing email that spoofs Office 365 has been extremely successful in harvesting user login info.

“Your mailbox has exceeded it’s mail-quota and due for upgrade.  To continue using your mailbox, Please upgrade to your extra 15GB  plan with just a single click without any charges”

A very successful phishing campaign involves Office 365. By designing the message to look like it came from Microsoft and creating a sense of urgency (possibly missing or losing email), this attack has resulted in a high volume of compromised accounts. The first clue that this email is not legit is the incorrect use of grammar, punctuation and capitalization. Microsoft would not send out such a poorly written email. Hovering over the action box shows the linked website, which reveals that the site it is taking you to is not legit.

Transferring Malicious Files using a Legitimate Website

wetransfer.com malicious file download

Email links to a legit website, however the download file is malicious.

Upon receipt, we need to question why “orders@amazon.com” would be sending a file, and why they would send it through wetransfer.com. In this case, clicking on the link takes you to a legit website, wetransfer.com. The download file has been deleted recently, but more than likely contained a virus. Similar attacks have used Dropbox, Docusign and other legitimate sites. Other versions of these attacks appear to be from wetransfer.com (or Office 365, Docusign, …) and take you to a spoofed website that looks legit and asks you to log in. Once you enter your login information, your account is compromised.
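
The two checks described above (hovering to see where a link really goes, and asking why the sender would link to a different site) can be run over a raw message in bulk. This is an added example, not part of the original post; the sample message, the `.example` hosts and the function names are constructed for illustration, and comparing the last two host labels is a simplification.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; the .example hosts are placeholders, not real indicators.
SAMPLE = """\
From: Microsoft Office 365 <support@quota-notice.example>
Content-Type: text/html

<a href="http://login.mailbox-upgrade.example/o365">UPGRADE NOW</a>
<a href="http://login.mailbox-upgrade.example/help">https://www.office.com/help</a>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def domain_of(text):
    # Last two host labels of a URL or bare domain, "" if neither (simplified; no PSL).
    if " " in text or "." not in text:
        return ""
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def review_links(raw_message):
    """Return (visible text, real link domain, flags) per link: the hover check in bulk."""
    msg = message_from_string(raw_message)
    sender = domain_of(parseaddr(msg["From"])[1].rpartition("@")[2])
    parser, results = LinkCollector(), []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
    for href, text in parser.links:
        target, shown = domain_of(href), domain_of(text.strip())
        checks = {"text-shows-other-domain": bool(shown) and shown != target,
                  "not-sender-domain": target != sender}
        results.append((text.strip(), target, [name for name, hit in checks.items() if hit]))
    return results
```

A flag is a reason to question the message, not a verdict: legitimate mail often links to third-party domains, so the output is best used to rank messages for a closer look.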

Stu Sjouwerman wrote an excellent article on how many phishing attacks fly under the radar and how to recognize them.  You can read it here.

Effective Training of Employees is your First Line of Defense

Executive IT Help offers an affordable security bundle to help protect your company from phishing emails and more. We have seen incredible results from the phishing training. One customer had a 71% failure rate on the baseline phishing test of approximately 50 employees. After a 15-minute online training and another simulated phishing test, the failure rate dropped to less than 5%. Our phishing training is an affordable, valuable tool that educates your employees. If you are interested in learning more about our security bundle, please call us at 832-295-1411.
