Phishing for non-techies

April 15, 2019 at 12:05

Many of us recognize the situation of having to explain to the not-that-techy ones how to identify and respond to phishing. Here's a post and a PDF that you can forward to whoever might need it!


What is considered as phishing?

Phishing attempts usually start with an email from someone who appears to come from a familiar company or service that you use: your employer, your bank, your phone provider, a social media service, or anywhere else you might have an account. In the e-mail, you are asked to click on a link that leads to a login page where you are supposed to enter your credit card number or provide some other sensitive or valuable information.

It is possible, even likely, that the page you reach through the link in your email looks very authentic. However, if it's phishing, it's not authentic: any information you fill in on that site goes directly to the bad guys.

Phishing emails are very common, and even the tightest firewalls or junk mail filters will not necessarily catch them. Everyone will encounter these sorts of emails sooner or later.

How do you recognize a phishing email, and what should you do with it? Follow these steps from Nixu's cybersecurity professionals.

Six characteristics of a phishing mail

1. A general greeting

If the message is addressed to "dear customer" or in some other impersonal way, be extra careful. Genuine e-mails often include something more personal, e.g., your username or real name.

2. Bad or unfinished spelling

“Dear Esteemed User, You have exceemed the storage limit on Your mailbox. You are having problems sending and receiving mails until You re-validate.” Phishing emails may have improper spelling or grammar. On the other hand, the language may be perfectly proper as well, so style is not the only factor when detecting scam mail.

3. Sender information might not be quite right

If the sender's e-mail address differs from the service the sender claims to represent, dispose of the e-mail in the junk folder. If you get an email from jim.smith@gmail.com who says that he is from your organization, throw that email in the junk folder and report it to the service desk.

Unfortunately, it is possible to forge such information as well (so-called e-mail spoofing), so even though everything looks good, it might not be.

4. Urgency

Often the e-mail gives some reason to believe that logging in is essential and urgent. The scammers may claim that a software program is dangerously outdated and needs updating, or that your account or other information needs to be updated immediately.

5. A request to check an invoice or a receipt

You may receive a receipt for a large payment. The attacker also provides a link you can click if you want to "check something" regarding the amount. In a stressful situation, it is easy to fall prey to these tactics.

6. Link or attachment

A phishing email usually has a link or an attachment that the attacker urges you to open.

How to react – 4+1 easy steps

1. Take it easy

Usually, things go wrong if you’re in a hurry. So take a minute to breathe and read the email carefully.

2. Move the mouse over the URL without clicking it

Before you click on a link, it is always a good idea to check where it leads. Be aware that a link that looks like a direct link to a web site can lead somewhere completely different.

It is usually possible to check where a link leads simply by moving the mouse over it; a box with the URL should pop up, or the URL should be visible in the bottom left corner of the browser window.

Oh no! I already clicked the link! What to do?

If you have already visited the page by clicking a link you received in an email, it is extremely important to check the address in your browser. If it looks odd in any way, copy the link and send it to IT support, who can investigate further.

Do not trust the site just because it looks genuine. The address is often the only way to tell a phishing page from a real one, and even the URL can be crafted so that it is indistinguishable from the real thing.
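The mouse-over check above compares what a link says with where it actually goes. As an added example that is not part of the original post, the following Python helper does the same check over the links in an HTML e-mail body: it reports links whose visible text names one site while the real destination is another, and links that leave the domain you trust. The sample e-mail and all domain names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a web address, e.g. "www.example-bank.com/login".
URL_TEXT = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Lower-cased host name of a URL ('' if the URL has none).
    return (urlparse(url).hostname or "").lower()

def check_links(html, trusted_domain):
    """One verdict per link: ('ok' | 'mismatch' | 'untrusted', visible text, real host)."""
    parser = LinkCollector()
    parser.feed(html)
    verdicts = []
    for href, text in parser.links:
        host = host_of(href)
        shown = ""
        if URL_TEXT.match(text):  # the visible text is itself an address: which host does it name?
            shown = host_of(text if "://" in text else "http://" + text)
        if host == trusted_domain or host.endswith("." + trusted_domain):
            verdicts.append(("ok", text, host))
        elif shown and shown != host:
            verdicts.append(("mismatch", text, host))   # text names one site, link goes to another
        else:
            verdicts.append(("untrusted", text, host))  # link leaves the trusted domain
    return verdicts

# Constructed sample e-mail body; the domains are placeholders, not real sites.
SAMPLE_HTML = """<p>Dear customer,</p>
<a href="https://www.example-bank.com/login">www.example-bank.com</a>
<a href="http://example-bank.com.login-check.example/x">www.example-bank.com/login</a>
<a href="http://verify-account.example/">Verify your account now</a>"""
```

Calling `check_links(SAMPLE_HTML, "example-bank.com")` flags the second link as a mismatch (the text says the bank, the link goes to a different host) and the third as untrusted.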

3. Move to junk

If you are asked to send any critical or sensitive information by e-mail, you can throw the e-mail straight in the junk folder. Never send login credentials, bank codes, credit card information or anything else sensitive by email.

4. Report to the IT service desk

It’s good practice to report every suspicious email to your company's IT service desk. There are no unnecessary reports in this area. If you come across suspicious files or URLs, forward them to your IT support. You can also attach screen captures to make your report clearer.

+1 Use tools to investigate the link by yourself

For advanced users, there are tools for investigating suspicious links yourself. These tools analyze suspicious files and URLs to detect types of malware and automatically share them with the security community. There are many different tools, and we do not recommend any tool in particular, but below you will find some examples.

URL checker:

https://www.virustotal.com/#/home/url

File Checker:

https://www.virustotal.com/#/home/upload

 

Download Phishing tips as a PDF here.

PS. Whichever links you choose to click in this post: remember to do the mouse-over-link-check before you click on it. There are no hidden surprises in the links, but now it’s time for you to start a great new habit :)