How to Recognize Phishing Attempts
Written by James Lijewski, Level 3 Network Technician/Support Center Team Leader
Phishing emails, links, and phone calls are designed by hackers and thieves to steal money. They attempt to do this by various means, including calling you claiming to be a bank you do business with to confirm account information, or sending you an email pretending to be your manager and request a large money transfer for a purchase. One red flag to look for is that they may try to prey on your emotions by making it sound like an urgent request that needs to be taken care of immediately.
As time goes on, phishing scams are gaining in complexity and the emails are looking more legitimate. Attackers now appear to be targeting phishing attempts at specific individuals, roles, or companies. These attackers are doing more research on said individuals and companies, in hopes of making the attack more believable. Various information they may find could be readily available on your company website, such as your name, job title, and phone number. With the information they find, they may attempt to send an email that looks like it came from the CEO and send it to the Finance department to have them make a fund transfer to another account, for example.
Below are some things to look out for that may be suspicious, as well as a screenshot of the phishing attempt we received earlier this week:
- Email that doesn’t come from a valid email account, but it may be similar looking email address. In this example, we got an email from email@example.com instead of firstname.lastname@example.org.
- They may not address you by your name. In this example, they just addressed us by the email address on our account, instead of the individual’s name on the account.
- Invoice numbers that aren’t valid on your actual account.
- Links that are misspelled or lead to a website that is spelled similarly. In this example, the link is for accounts.logme.in instead of accounts.logmein.com.
- If you see anything suspicious about a link, hover your mouse over it to see where it will take you. As you can see, this link wouldn’t take us to accounts.logme.in but rather southtelcom.vn.
- Request has a short deadline or needs to be done quickly or there will be some type of consequences
So, what can you do to prevent yourself and your company from phishing attempts?
- Inform yourself and your employees. The more employees that are trained and aware of what to look for, the less likely you are to fall victim. No reputable company should be sending you emails to confirm any information like bank account information, PIN, or anything similar. If you never initiated the request, please contact the vendor or bank at the number you have in your own contact records to confirm the request is legitimate or not (not the number they called from or provided in an email).
- Use a good UTM firewall on your network, like WatchGuard. In this case, our WatchGuard blocked one website link as it was flagging it as a Compromised Website.
- Use a cloud DNS provider like OpenDNS. Another link in the email was blocked by OpenDNS service, which we use to block access to websites that are flagged for security or malicious reasons.
Call i3 with any questions you may have, or for a more in-depth explanation of how phishing attempts can happen. We'd love to help you catch the attack before it strikes!