vCTO Secure Blog

vCTO Secure has been serving the Seattle area since 2011, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

If an Email Subject is Urgent, Be Skeptical

Important Update! Urgent! Expires in 1 Day! Confirm your Email Now! Your Password Has Been Stolen!

This type of messaging is often used in some of the most disarming phishing emails. As a business owner, you and your staff need to be vigilant when it comes to catching these scams.

Phishing Attacks are a Growing Problem

When we think about hackers, we always think about technologically brilliant social outcasts sitting in front of half a dozen screens trying to digitally rob banks. That’s a fun way to portray them in television and movies, but these days it doesn’t really take a lot of technical know-how to run the most successful scams in the cybercriminal’s playbook.

In fact, cybercriminals rely less on new breakthroughs and more on new psychological ways to trick users. Why invest all that time and effort breaking through modern cybersecurity protections when you can practically ask a user to hand over their password?

Phishing attacks are prominent today because they work. Users fall for them, and you almost can’t blame them for it. A phishing email is an email that looks legitimate, and is usually spoofing a legitimate site or service.

For example, a phishing email might look like it’s coming from your bank. The from address appears (at first glance) to be coming from a real email address from your bank. It might even get filtered normally, if you already have filters in place to organize email from your bank. Clicking into the email, you’ll see your bank’s logo.

Everything will look very real and very legitimate, at first glance.

That’s why phishing attacks are so easy to fall for.

The email itself usually isn’t dangerous on its own, although it could have links to dangerous sites, or contain attachments that are dangerous. Most of the danger lies in where the email instructs the user to go.

How to Spot a Phishing Attack

First of all, if an email seems too good to be true, or extremely urgent, or it’s asking for password information that you didn’t trigger, immediately be skeptical.

  1. Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from PayPal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’, then something is suspicious. There should also be a forward slash (/) after the .com. If the URL is something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
    • a. paypal.com - Safe
    • b. paypal.com/activatecard - Safe
    • c. business.paypal.com - Safe
    • d. business.paypal.com/retail - Safe
    • e. paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
    • f. paypal.com.activatecard.net/secure - Suspicious!
    • g. paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!
  2. Check the email in the header. An email from Amazon wouldn’t come in as . Do a quick Google search for the email address to see if it is legitimate.
  3. Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
  4. Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious. 
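
The rule of thumb from step 1 can be automated in a mail filter or a training tool. The Python sketch below is an added example, not part of the original post: it parses each link, checks that the real hostname is the expected domain or a subdomain of it, and applies the list's conservative "no domain-looking name after the real domain" rule. The names `TRUSTED_DOMAIN`, `TLD_HINTS`, `classify_link` and `mismatches` are assumptions made for this example, and the list of endings is constructed and incomplete.

```python
from urllib.parse import urlsplit

# Assumption: you already know the sender's real domain.
TRUSTED_DOMAIN = "paypal.com"
# Constructed, incomplete list of endings used to spot a domain-like
# name sitting in the path (illustrative only).
TLD_HINTS = (".com", ".net", ".org", ".co", ".io")

# The links from the list above, with the verdict the list gives each one.
SAMPLES = {
    "paypal.com": "Safe",
    "paypal.com/activatecard": "Safe",
    "business.paypal.com": "Safe",
    "business.paypal.com/retail": "Safe",
    "paypal.com.activatecard.net": "Suspicious",
    "paypal.com.activatecard.net/secure": "Suspicious",
    "paypal.com/activatecard/tinyurl.com/retail": "Suspicious",
}


def classify_link(url, trusted=TRUSTED_DOMAIN):
    """Return 'Safe' or 'Suspicious' for a link, per the rule of thumb."""
    if "://" not in url:
        url = "https://" + url  # the list writes links without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # The hostname must BE the trusted domain or end in ".<trusted domain>".
    # Matching on the leading dot keeps "notpaypal.com" from passing.
    if host != trusted and not host.endswith("." + trusted):
        return "Suspicious"
    # Conservative rule from the list: a domain-looking name after the
    # real domain is treated as a red flag.
    for segment in parts.path.split("/"):
        if segment.lower().endswith(TLD_HINTS):
            return "Suspicious"
    return "Safe"


def mismatches():
    """Return sample links whose verdict differs from the list above."""
    return [u for u, want in SAMPLES.items() if classify_link(u) != want]


if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<10} {link}")
```
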

When in doubt, it’s best to be skeptical of an email. That doesn’t mean email correspondence has to be distrusted though. If your business has a solid spam-blocking solution in place, it can help weed out some (not always all) phishing attacks.

If you are getting suspicious emails and want us to take a look, give us a call at (206) 895-5595.
