By now, most people are familiar with those emails that look as if they came from a legitimate company, but somehow just aren’t quite right…
Email Phishing, and you…
Perhaps you’ve been fortunate enough to not encounter one of those messages. I can comfortably say, “It’s only a matter of time.”
What is a Phishing Email?
Quite simply, it’s a message fabricated by an evil nefarious entity (ENE) to look like it originated from a legitimate source. That source could be your bank, your ISP, Microsoft, Dropbox, or even someone in your company or family. The layout will look correct. The images will be correct. Everything about the message will be close enough to a legitimate one that a quick glance will trick your mind into believing it actually is legitimate. When you’re also busy with other tasks, you’ve now got a recipe for disaster!
What happens if you interact with a Phishing message?
That depends… Some ENEs operate on a limited resource budget and can only hope to snag those who blindly go through all the steps they outline. Others are very sophisticated, with messages that include tracking pixels, high-quality links, and dramatic calls to action.
No matter what, you’re going to view the message. It’s often impossible to tell a Phishing message from a normal one based on the limited information your inbox shows. If the message has tracking pixels, the ENE might now know you’ve opened it. In truth, this doesn’t matter. While it could mean you will see more Phishing messages, they can’t do anything other than send more to your inbox. If it’s the basic Phisher, viewing the message has no implication at all.
So now you’ve viewed the message. Perhaps the ENE knows you have, perhaps they don’t; what happens next is entirely on your shoulders. The message is designed to trick you into taking action before looking too closely.
YOU MUST NOT TAKE ACTION!
Not before taking these simple precautionary steps:
- Hover your mouse over any links or buttons in the message. Do not click them. After a short moment, a small popup will appear next to the pointer showing the actual link target that would be opened if you clicked. If that link looks sketchy in ANY way, don’t click it and consider the message a Phishing attempt.
- If you can’t tell from the links whether the message is legitimate, look at the From address. The display name may be your boss, your ISP, your bank, etc., but the actual address will tell you the true story. If the email address is not one you recognize, don’t take any action on that message.
- Contact the sender via an alternative message or method to validate the email you’ve received. If it looks like your boss sent you a request to wire money but something about the message seems unusual, create a NEW email to your boss and ask for clarification. At no point should you ever reply to a message you suspect is from an ENE. Even if you know it’s a Phishing message and think a reply would be funny, replying can get your email address, and your entire company’s email addresses, put on target lists for other ENEs to attack.
With those three steps you should be able to ascertain the legitimacy of a message. If you’re still uncertain, delete the message.
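The first two steps are mechanical enough to script. The following is an added example, not part of this post: it applies the hover check (does the visible link text name a different host than the real href?) and the From-address check (does the display name claim an organisation the sending domain does not contain?) to a constructed sample message. All domains in the sample are hypothetical, and the word-overlap heuristic for the display name is an assumption of this example, not a rule from the post.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample with reserved/hypothetical domains, not a real message: the
# visible link text shows the bank's site but the href goes elsewhere, and the
# display name claims a bank the sending address does not belong to.
SAMPLE_EMAIL = """\
From: "Northwind Bank Alerts" <alerts@notice-center.invalid>
Content-Type: text/html; charset=utf-8

<p>Verify your account at
<a href="http://login.northwind-secure.invalid/verify">https://www.northwindbank.test</a>
or read <a href="https://www.northwindbank.test/help">our help page</a>.</p>
"""

def host_of(value):
    """Hostname of a URL or bare domain; '' when the text is not a domain at all."""
    if not re.fullmatch(r"(\w+://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?", value):
        return ""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def triage(raw):
    """Apply the two mechanical checks; an empty list means both passed."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    # Check 2 (From address): no word of the display name appears in the real
    # sending domain, so the name is claiming an organisation the address is not.
    words = re.findall(r"[A-Za-z]{4,}", display_name)
    if words and not any(w.lower() in sender_domain for w in words):
        findings.append(f"display name '{display_name}' vs real address {address}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    # Check 1 (hover): the href is what a click activates; the anchor text is what
    # the reader sees. A simple regex is enough for this illustration.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.S | re.I):
        shown, real = host_of(text.strip()), host_of(href)
        if shown and real and shown != real:
            findings.append(f"link text shows {shown} but points to {real}")
    return findings
```

Running `triage(SAMPLE_EMAIL)` reports both the mismatched display name and the link whose text shows one host while pointing at another; the "our help page" link is skipped because its text is not a domain.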
Phishing can cost you your job, or cause your business to cease operation.
We have many stories of people who didn’t follow those three steps and unintentionally gave ENEs access to critical business information. If you suspect you have, we have steps you can take towards remediation.
Contact us immediately if you think you’ve entered your password into a Phishing site or clicked a link from an ENE.