Email Phishing

Wait, What's Phishing?

Phishing is an attempt to obtain information or access to an account, workstation, or even credit/debit card information! By disguising themselves, typically as a trustworthy source, these malicious users will attempt to manipulate you into providing the sensitive information they want. This page serves as reference material on how such attacks can be prevented and avoided.

Email phishing is especially dangerous for businesses, as malicious entities will mask the sender address and the links within the email itself so that the email appears to come from a legitimate business partner or coworker. When a user follows these links, they can be guided into filling out compromised forms and submitting them straight to the sender.

Preventing Phishing Takes Teamwork! Here's What We Are Doing:

  • Email Spam Filtration - We implement a superior spam filtration system that stops suspicious and fraudulent emails before they even reach your inbox.
  • DMARC - An email authentication protocol that verifies the email sender's and receiver's credentials to prevent fraudulent emails from being sent at all! We include this protocol on our secure email server.
  • Antivirus Software - We install antivirus software on each workstation to protect every user locally and keep malware or viruses from accessing files and documents.
  • Network Security - We go beyond endpoint protection and secure your entire office network with a VPN, or virtual private network. This acts as a network firewall and helps defend against infiltration at the network level.
  • User Training - Teaching users to recognize and avoid phishing attempts is our best line of defense. By providing documents like this webpage as well as other resources on phishing, we can prevent phishing from happening even if a phishing email manages to bypass our security.

What You Can Do To Help:

There are several steps you can take if you receive a suspicious email:

Consider the Context

Is the email asking you for payment or account details? Does it ask you to perform any task that seems outside of your work scope? Typically, malicious entities will use these tactics to elicit their desired information.

Additionally, phishing emails carry with them a sense of urgency. They typically demand an immediate response. This tactic is used to convince users that there is no time to think and that they must comply to save their account or billing info.

Check the Sender and Attachments

Be sure to examine the From address of the email. Oftentimes, this will be spoofed to appear legitimate. Be sure to look at email attachments as well. Refrain from downloading attachments or files ending in '.exe', as these types of files have the potential to be malware.


Be Cautious of Hyperlinks

Hyperlinks are often disguised as well. Scammers will try to bait you into clicking a link that takes you to a compromised website. This is an attempt to have you enter sensitive information, submitting it straight to the scammer.

A good practice to adopt is to manually visit the site the potential phisher is directing you to. This extra step helps verify that you are visiting the right site and not entering account details into a false website.
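For IT staff who want to automate the attachment and hyperlink checks described above, here is an added example that is not part of the original page. The sample message, its domains, and the names `review` and `LinkCollector` are made up for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain and file name is a placeholder.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://login.example-payments.test/pay">www.partner-example.test/invoice</a>
<a href="https://www.partner-example.test/help">Help centre</a>
--b1
Content-Disposition: attachment; filename="invoice.pdf.exe"

--b1--
"""
# Matches link text that itself looks like a URL or bare domain name.
DOMAIN = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip().lower()))
            self.href = None

def review(raw):
    """Return findings for .exe attachments and links whose text names another host."""
    findings, collector = [], LinkCollector()
    for part in message_from_string(raw).walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".exe"):
            findings.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        shown, actual = DOMAIN.match(text), urlparse(href).hostname
        if shown and actual and shown.group(1) != actual:
            findings.append(f"link shows {shown.group(1)} but opens {actual}")
    return findings
```

The host comparison is deliberately strict, so a link shown as one host name that opens a different host name on the same site is also flagged for a person to check.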


Look for an Email Signature

Sometimes, scammers will try to appear as coming from within your organization, or from someone you communicate with regularly. Examining the sender's email signature is an excellent way to verify authenticity. If the signature doesn't match the signature the sender was using before, it may be fraudulent.

Reach Out

If the email seems to come from a reliable source but you still feel cautious, you can always confirm the identity of the sender by reaching out via telephone or in a new, fresh email (that is, not by replying to the email you received).

Don't Respond, Don't Forward

If you've tried the above steps and still don't feel comfortable, the best course of action is not to react, respond, or forward the email, but instead to contact your IT service provider and alert them of the suspicious email.

Additional Reading

Email phishing and its prevention are huge topics. So huge that it can be difficult to cover all of the bases in a single article. Below are a few articles you can read to supplement your growing knowledge.