Phishing: How to Identify It, How to Avoid It, and What to Do After You Experience It

Phishing has long been a top hacking method, with email or social media messages often relied upon to elicit sensitive information from unsuspecting users. This practice is far more common than most people suspect. In fact, the State of the Phish™ Report 2018 revealed that 76 percent of organizations suffered phishing attacks in 2017. Unfortunately, many more are likely to follow in the future. Read on to learn how you can prevent computer scams and how to respond in the worst-case scenario.

Common Signs of Phishing

With phishing – as with any security threat – prevention is always preferable. The first step? Recognizing suspicious emails. The following are among the most common signs and examples of phishing:

• Confirmations of Personal Information – Be wary of any email that asks you to confirm sensitive information such as your address, credit card number, or Social Security Number. This information should never be offered up over email – even if the individual or business making the request seems reputable.
• Impersonal Salutations – Don’t trust any email that begins with “Dear Customer” or similarly vague greetings. A complete lack of a greeting could also be a cause for concern. Typically, companies make every effort to personalize correspondence. Hence, a lack of personalization should be an immediate sign of foul play, even if every other aspect of the email appears trustworthy.
• Poorly-Written Emails – Grammar and spelling errors aren’t automatically a sign of phishing. However, they should spark concern if they come from an allegedly professional source – or from an existing contact who is typically on top of written communication.
• Suspicious Attachments – Be careful if you randomly receive emails featuring attachments. These often contain malicious content, which could lead to malware or viruses. Even if an attachment seems reasonable, it’s worth scanning it first with antivirus software for peace of mind. Keep in mind, however, that legitimate companies will nearly always direct you to outside websites before offering the opportunity to download attachments.
• Altered Email Addresses – The sender’s email address could provide a valuable clue regarding reputability. Hover your mouse over the address to determine whether it contains an original domain name, as will be the case for correspondence from most legitimate companies. Alterations such as added letters or numbers should spark concern. This approach isn’t foolproof, however, as some reputable organizations use multiple domains or even third-party email providers.

How to Prevent Phishing

Once you’ve gained a better sense of the signs of phishing, you can begin to take steps to keep your devices and data safe. Consider implementing the following strategies to minimize the risk of a security breach:

• Set aside time for thorough security training – You might be perfectly aware of the signs of phishing, but what about your employees? Often, phishing attacks arise because well-meaning workers fail to detect the signs. Luckily, regular training will help. Employees should know better than to download suspicious attachments or to include personal information in their emails – even when responding to trusted clients or coworkers.
• Use spam filters or quarantine suspicious messages –Programs such as Office 365 allow you to quarantine suspicious emails in a specific location, where problematic messages can be kept for later review. Upon examination, you can determine how to handle these messages. A quarantined approach may grant you a better sense of emerging patterns, while also preventing you or other users from accidentally opening or responding to problematic emails.

Already Attacked? Here’s What to Do Next

Despite your best efforts, you may eventually fall prey to a phishing attack. Unfortunately, today’s attackers are highly sophisticated – and even the most conscientious users can suffer. If you believe that you’ve been involved in a phishing scam, take these critical steps to minimize the damage:

• Start Changing Passwords – As soon as you discover that you’ve fallen victim to phishing, switch as many passwords on as many accounts as you can. Begin with the affected email address and continue with any accounts that share that same password. If you’ve previously used less-than-advisable passwords, this is the perfect time to up the ante. Ideal passwords include random strings of numbers, letters, and other characters. Resist the urge to reuse login information on multiple accounts.
• Enable Two-Factor Authentication – A strong password alone may no longer cut it for your compromised email address. With the addition of two-factor authentication, however, you can feel reasonably secure. This could take multiple forms, potentially including a code sent to your phone or even biometric verification.
• Check Your Sent Mail – Unfortunately, you may not be alone in your phishing misery. The attacker could have used your email address to target friends, family members, coworkers, or other contacts, too. Some phishers delete such emails, so be sure to ask contacts in person or over the phone whether they’ve received any suspicious correspondence.
• Contact a Security Expert –Unfortunately, you might not be able to prevent phishing on your own. Consider working with a computer repair service to address the fallout. Your technician can assist you with computer virus removal before taking the proactive steps needed to prevent further attacks.

If you’ve fallen victim to a phishing attack, prompt action is essential. Limit the damage with assistance from NerdsToGo. Our certified team of Nerds can also help you take the proactive steps needed to protect your data in the future. We provide a variety of in-store and in-home computer services. Don’t hesitate to contact us to learn how we can help.