{"id":6654,"date":"2019-08-12T11:40:00","date_gmt":"2019-08-12T11:40:00","guid":{"rendered":"http:\/\/localhost\/datcomWP\/?p=6654"},"modified":"2019-08-12T11:40:00","modified_gmt":"2019-08-12T11:40:00","slug":"think-before-you-click-spotting-a-phishing-attempt","status":"publish","type":"post","link":"https:\/\/staging.datcomllc.com\/index.php\/2019\/08\/12\/think-before-you-click-spotting-a-phishing-attempt\/","title":{"rendered":"Think Before You Click: Spotting a Phishing Attempt"},"content":{"rendered":"

We\u2019ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.<\/p>\n

We\u2019re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into order virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let\u2019s take a look.<\/p>\n

<\/p>\n

Give Me the Short Answer – What\u2019s Phishing?<\/h2>\n

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.<\/p>\n

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.<\/p>\n

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user\u2019s guard, and force them into a sticky situation.<\/p>\n

How to Spot a Phishing Attack<\/h2>\n

Like I said, it\u2019s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.<\/p>\n

Still, there are some practices you and your staff should use:<\/p>\n

Always Use Strong, Unique Passwords<\/h3>\n

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.<\/p>\n

Check the From Email Address in the Header<\/h3>\n

You\u2019d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it\u2019s from something@faecbook.com, you\u2019ll know something is up.<\/p>\n

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It\u2019s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.<\/p>\n

Don\u2019t Just Open Attachments<\/h3>\n

This is nothing new, but most malware found on business networks still comes from email attachments, so it\u2019s still a huge problem. If you didn\u2019t request or expect an email attachment, don\u2019t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!<\/p>\n

Look Before You Click<\/h3>\n

If the email has a link in it, hover your mouse over it to see where it is leading. Don\u2019t click on it right away.<\/p>\n

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:<\/p>\n