Phishing Attack Prevention

Cyber Security - Phishing Attack Prevention

New phishing scams are being developed all the time. As a result, it is important to stay on top of phishing techniques.  After all, the best way to avoid falling prey to a phishing attack, is to understand what to look out for.

What is a Phishing?

Phishing is an attempt to lure an individual into providing sensitive personally identifiable information such as passwords, banking and credit card details.  This cyber crime targets individuals via email, phone or text message posing as a legitimate organisation.  Unfortunately for those who fall victim, it can result in identity theft as well as financial loss or data loss.

Example of a Phishing Attack

You may receive an email from Microsoft claiming there is an issue with your account.  The email will ask you to click on a link to fix the issue. The link will open a webpage and ask you to login.  However, when you enter your details and click next, nothing will happen.  Alternatively, it will redirect you somewhere else.   This is a typical phishing scam and you have now provided sensitive information.

A further example below is a fake Microsoft notice.  It is almost identical in appearance to an actual notice from Microsoft concerning “Unusual sign-in activity”.  The email below requests users to call a phony 1800 number or click on the website link.

Phishing Attack Prevention

The backbone of any successful phishing attack is a well-designed spoofed email or spoofed website.  As a result it always pays to be vigilant when opening emails and visiting websites.

Signs of Email Phishing

Name & Email:

  • Look at the greeting.
    • Does the greeting use your actual name or is it a generic greeting?
    • Generic salutations are a red flag.
    • Phishing emails can be very impersonal. (This is due to them sending the same email to thousands of other people).
    • If the email is directed at you, check the way the sender writes or how they communicate with you. Verify if it has changed from last contact.
  • Look at the email header.
  • What is the sender’s address?
    • Addresses are usually carefully designed to look authentic. However on closer look, you can usually identify inconsistencies.
    • If possible, try to compare the sender’s email address to that of a previous message from the same company.

Check the Font & Style:

    • Does the font look strange?
    • Check for unnecessary large text or if the font style has changed since last email correspondence.
    • A lot of phishing attempts have 90’s style formatting such as background colour to links. They are also known to use Times New Roman font in emails.

Links:

    • Does the link look strange?
      • Most, if not all phishing attempts will have a link which will ask you to log into a portal, such as “Google or Microsoft”. This portal is fake and is used to lure you to provide your login credentials. Alternatively, it may link directly to an instant download which can be a crypto locker virus or keylogger.  Keylogger notes down all your key presses, saving passwords and other sensitive information.
      • A handy tip is if you hover over the link with your mouse, it will show the true website URL.  Does it look different from the actual link or look like it directs to a completely different website?  If so, it is most likely a phishing website or virus download.
      • You can minimise your risk significantly, by never clicking on a link without checking its authenticity. Make it a policy to always type in the URL of the site that you need to access manually. Upon arriving on the site, you will be able to confirm whether or not the message that you received was legitimate.

Attachments:

    • Be cautious with attachments.
    • If you have any attachments in an email that are read with less than 100% confidence, you should take extreme caution.
    • It is advisable to always call the sender to double check the veracity of the email.

Verification:

    • Did you expect this email?
    • If you’re uncertain of an email, do not reply directly to the email, but format a new email. Furthermore, you can also contact the sender to see if they have sent the email. If not, it is most likely a phishing attempt.
    • Most companies will not ask for your details over email. However, to be sure please check the company’s policies regarding this.
  •  

Ultimately, if you believe you have received a suspicious email, perform a quick Google search of the sender, subject line and some of the contents.  This will quickly show you if others have received the same suspicious email.

Responding to Phishing Attacks

If you think you have opened a malicious link, follow these steps:

  1. We recommend immediately disconnecting your device from the internet and any network it is linked to. This will reduce the risk of the malware spreading through your system.
  2. Report the incident immediately.

Overall, if you receive a suspicious email and would like to ascertain its authenticity, call Techstream Solutions today.  We can happily assist and assess the email in question.

Online security problems? Speak to us our IT support team. 

 

Reliable business IT services for all industries.

Based on the Northern Beaches, Techstream Solutions are Sydney IT consultants who provide computer support services to a wide range of industries, government bodies and not-for-profits.

Our clients enjoy a dedicated local computer support help desk and convenient ticket management system where our highly experienced consultants and engineers are readily available to provide effective ITC support assistance.  We understand that downtime can be stressful and very detrimental to your business operations.

Optimising your workplace IT environment

We aim to optimise your workplace IT environment so it will operate at maximum efficiency. Furthermore, any ITC issues will be resolved swiftly by our expert support team. Overall, we can attend to all your business computer support requirements including managed IT, cloud services, backup and recovery,  and security. Our IT consultants can manage every aspect of your ITC infrastructure projects and upgrades.

Get in touch to discuss your IT support needs