#FAQFRIDAY: How To Easily Spot Phishing Messages

Phishing messages are designed to trick recipients in order to gain access to valuable personal
information. It can happen to anyone. Learn these important tips to make sure that you protect
yourself in the case that you ever become a target of these types of messages.


There are many different phrases used and its important to know the difference between
messages from legitimate senders and messages from senders who are trying to gain access to
your personal information. Some threats will include a statement that your account will be
closed unless you choose to verify, or that you owe back taxes and will face hefty
consequences such as fines and jail time if these taxes go unpaid. Legitimate messages will not
use scare tactics that force you to take immediate action. When unsafe links are clicked upon,
valuable information is stolen. Contacts and sensitive documents are out the door. Personal
identity information too, which can lead to their contacts being contacted by a "trusted" person,
in turn asking for THEIR private information. And so on, and so on. This can be especially
insulting because it can make it look like you are the culprit because the email is "sent" from you
or your business.


While some messages will provoke your curiosity, it is important that you only open messages
from senders that you know and trust. A message might arrive saying you need to log in, and
view a fax or a bill that is waiting for you on a remote server. You innocently log in out of curiosity and voila, there is no fax. But while you are scratching your head, your personal information or login credentials are flying out through the portal that you opened.


Messages that come from legitimate senders will be clean and free of errors. Phishing messages are designed to trick you, and while it sure looks like it comes from Microsoft, if you look closely, you’ll notice the odd grammar, misspellings for software and services, the repeated words, and especially the reassuring message that if you don't respond, they will not be responsible.


The lure of money can still cloud the judgment of many others, including your trusted
employees, co-workers, family members and friends. Do not click on any active links or
volunteer any personal information from unfamiliar senders in exchange for any amount of
money, ever.


Phishing tactics change and morph all the time. Today’s hackers share stealing tactics daily with each other internationally. For Office 365 users, Microsoft has anti-phishing algorithms and reports built into the security and compliance dashboard to try to stay ahead of the new phishing strategies.

Read about updated anti-phishing recommendations.
For example, read the intro of an article from the Associated Press published on July 19th, 2018.
BEIJING (AP) — Last month, the daughter of a jailed Cambodian opposition party leader
received an email from a well-seeming activist at a reputed Cambodian non-profit. For weeks,
the sender nudged Monovithya Kem to open an attachment described as containing interview

Kem suspected a trap set by Cambodian hackers seeking access to her computer. But a
months long investigation by California security-research firm FireEye revealed that Kem was
among several Cambodians likely targeted by a far more formidable actor: a well-known hacker from China.

Fortunately for Kem, she had learned about schemes to get innocent people to click on links in
email. She knew that clicking could unknowingly release all kinds of private information onto the
dark web where bad actors can and will take advantage. Education, in her case, was key.


With all these cyber attacks in the news, businesses are freaking out about what is a real email
and what is not. So, we're going to describe a few things that we think may help you and your
employees avoid catastrophe.

Most email providers have sophisticated gateways that filter most of the phishing emails. Office
365 lets you customize these filters depending on your preferences and knowledge. But don't be fooled because bad emails can still get through, and when they do, recipients may have been lured into false security and just "click".

Many companies believe that by blocking certain IP addresses they will be safe. While this was
once a good strategy, it no longer matters who you block. Even if you block tens or hundreds of addresses, the bad guys have thousands more to bombard you.

Things to watch for in emails... even if it has the name of someone you know and trust.

Misspellings: This is the most obvious clue to phishing emails. As many of these
attacks come from overseas, we see bad spelling and grammar in many cases like the
image below. Notice the stilted grammar. READ carefully before clicking on anything. If
you are not sure, call your IT department or call us! 203-463-2672.
Strange senders: The FROM address has weird characters. Not good.
Odd website addresses: It has a website link you don’t recognize. Once again, read
carefully before taking action. Click on it and it can go to a hacker's website overseas.
Personal gov IDIs: If anyone asks for social security, Medicare or passport numbers,
back out fast!


Many larger companies are asking us for security training to protect employees about phishing
messages. Cloud ADV offers this service because we care about our customer's ability to keep
their information, technology, and contacts private. There is so much to lose, even if just one
employee clicks.

Plus, many states have enacted legislation that can trigger huge fines onto businesses
that have not taken steps to protect their information and the information of their
customers and clients.

Please feel free to forward us any emails that look suspicious and you would like some feedback on (free of cost) to phishing@cloudadv.com. We will give you our best opinion and recommendation about what it is and what to do.

Remember, the key to security is recognition of the small things. If your employees understand
the threats and what they look like, they are less likely to instinctively "click".
Book a security seminar now!

Related Posts

No Comments