October brings to mind three things: busting out the fall wardrobe, Halloween and, last but not least, cybersecurity awareness. If you read that list and thought to yourself, “Cybersecurity awareness? Not me!” then congratulations, you are our target audience.
In conjunction with the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCA), SonicWall is participating in Cybersecurity Awareness Month this October to spread awareness about key issues in cybersecurity.
In our last blog, we mentioned that while password hygiene and multifactor authentication are both crucial, they can be easily foiled by a successful phishing attack. Today, we’re going to cover the basics of recognizing phishing attempts and what to do if you spot one.
Phishing attacks are not a new phenomenon. They’ve been a favorite attack vectors of cybercriminals across the board for many years now. But every time cybersecurity tools get better at spotting them, they get better at hiding. That’s why knowing how to recognize phishing is more important than ever.
How to Spot a Phishing Attack
Hackers or scammers will often use emails or text messages to try and steal your login credentials, account numbers or even Social Security numbers. Once they have the information they want in hand, they can perform a multitude of nefarious deeds, such as accessing your email account or stealing money from your bank account. They may even be using you to access an organization you’re a part of, such as your workplace.
These cybercriminals are constantly updating their tactics to keep up with the latest news and trends, but they often exhibit some common characteristics that you can spot to avoid being their next victim.
These include the types of email or message phishers like to use. They’ll often be posing as your bank or a credit card company. It could be an email that looks like it’s from a coworker or your boss.
Oftentimes, these messages will say something like:
- There’s been some suspicious activity with your account, and they need you to log in to verify.
- You’ve missed an important payment or deadline and direct you to a link to rectify the situation.
- You need to confirm some sort of personal information, like your Social Security number.
- You must download an attachment or document, or login to your work email.
While some phishing emails have definite “tells,” the messages can also look quite convincing. They may look similar to emails you’ve received from real organizations in the past, even going so far as to use the official logo of the company in the header or a clone of it.
Some telltale signs of a phishing email include:
- The message uses a generic greeting such as “Hello user” or “Hi dear.”
- The message asks you to click on a link to update your payment details.
While real companies will sometimes communicate through email or text message, they will never email or text you asking for important financial or personal information.
What to Do When You Spot A Phishing Attack
If you receive a suspicious email or message that matches some of the criteria above, always leave the email or message and go to the company’s website directly to contact someone. (The links and numbers in phishing messages will always direct you back to the phisher themselves.)
By going to the company’s official website or calling their official phone number, you can ensure that you’re speaking with someone at the actual company and not a cybercriminal.
If you receive a suspicious email at work, you should report it to IT so they can be aware someone may be trying to infiltrate the company. If you received it in your personal email, you can forward the email to the Anti-Phishing Working Group at firstname.lastname@example.org. Suspected phishing via text message can be forwarded to SPAM (7726).
Protecting Yourself from Phishing
While phishing attempts can be scary, there are a number of tools and strategies that can help protect you and your organization. You can:
- Protect your computer using security hardware and software
- Protect your accounts by using multi-factor authentication (MFA)
- Protect your data by backing it up to the cloud or an external hard drive
Taking just a few steps towards protecting your important information and accounts could be the difference in staying protected or becoming a victim of phishing.
While we’ve covered the basics, the more you learn about phishing, the better protected you’ll be. You can watch our School of Phish webinar series on-demand and learn about the different ways our cybersecurity experts handle real-world phishing incidents.
If you feel like you’re prepared to spot some phishing attacks, you can test your mettle against our phishing quiz, which will gauge your ability to identify phishing emails.