Back in your teenage days, did you or one of your friends ever prank call someone while pretending to be a celebrity, and have them end up believing you? Now imagine a criminal in that position: how far might he or she go to acquire whatever information is needed to fulfil malicious goals? This is the basic concept of phishing: pretending to be someone you know, trust or report to in an organization, and then asking for sensitive and private information. Phishing is a crime and has to be dealt with through serious measures and precautions.
The term phishing is born from the combination of the words Private and Fishing. The most common form of phishing in today’s cyber era is the phishing email. You might receive emails from email ids that look exactly like the email id of someone you know, but they are actually not. In a case recently reported to Kloud 7, a few key employees of the company were receiving an email that appeared to come from their boss’s email id, asking for some sensitive information and requesting an urgent direct wire transfer from the accounts department. In this case, if the boss’s actual email id was email@example.com, they were receiving emails from firstname.lastname@example.org. At first look there does not seem to be much difference between the two email addresses, and in a hurry we can all make mistakes we might later regret, but there are multiple ways to deal with this problem. There are various examples of what phishing emails might look like. Let’s see how to avoid this problem and what precautions we can take to stay safe from such criminal activities.
URGENT ACTION REQUIRED. Impostors often include urgent “calls to action” to try to get you to respond straight away on impulse. Be suspicious of emails containing phrases like “your account has been compromised,” “urgent action required,” “your account will be closed.” The hoaxer is taking advantage of your concern to trick you into providing sensitive and confidential information.
FAKE WEB SITE LINK. To lure you into the trap so that you disclose your login credentials, fraudsters sometimes include a link to a sham web site that looks like (occasionally exactly like) the sign-in page of a genuine website. Just because a website has a genuine company’s logo or looks like the real website doesn’t mean it actually is. Logos and the appearance of legitimate websites are easy to copy. Beware of the following in your emails:
Links comprising an official company name, but in the wrong location. For example: “https://www.yahoo.com is a fake address that doesn’t go to a real Yahoo! web site. A real Yahoo! web address has a forward slash (“/”) after “yahoo.com” — for example, “https://www.yahoo.com/” or “https://login.yahoo.com/.”
UNOFFICIAL “FROM” ADDRESS. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. Fraudsters often sign up for free email accounts with company names in them (such as “email@example.com”). These email addresses are meant to fool you. Official email from Yahoo! always comes from a “@yahoo-inc.com” email address.
GENERIC GREETING. Fraudsters often send out hundreds or thousands of phishing emails in a single go. Their target list might have your email address too, but they rarely have your name. Be doubtful of an email sent with a generic greeting such as “Dear Member” or “Dear Customer”.
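The four warning signs above can be checked mechanically before a person ever reads the message. The following Python triage function is an added example, not part of the original article; the trusted domain `example-corp.test`, the sample message and the 0.8 similarity threshold are assumptions chosen for illustration, and it handles plain-text, single-part messages only.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Phrases and greetings quoted in the article above.
URGENT = ("your account has been compromised", "urgent action required",
          "your account will be closed")
GENERIC = ("dear member", "dear customer")

def host_is_trusted(host, trusted):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def lookalike_of(domain, trusted, threshold=0.8):
    """Return the trusted domain that this domain closely imitates, or None."""
    for d in trusted:
        if domain != d and SequenceMatcher(None, domain, d).ratio() >= threshold:
            return d
    return None

def phishing_indicators(raw_email, trusted):
    """Return the article's warning signs found in one plain-text message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumption: single-part, plain-text message
    text = (msg.get("Subject", "") + "\n" + body).lower()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if not host_is_trusted(sender_domain, trusted):
        imitated = lookalike_of(sender_domain, trusted)
        findings.append(f"lookalike sender domain ({sender_domain} ~ {imitated})"
                        if imitated else f"unofficial sender domain ({sender_domain})")
    findings += [f"urgent phrase: {p}" for p in URGENT if p in text]
    findings += [f"generic greeting: {g}" for g in GENERIC if g in text]
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname
        if not host_is_trusted(host, trusted):  # company name in the wrong place
            findings.append(f"link leaves trusted domains: {host}")
    return findings

# Constructed sample message; every name and domain here is made up.
SAMPLE = """From: "The Boss" <boss@examp1e-corp.test>
Subject: URGENT ACTION REQUIRED

Dear Customer, your account will be closed. Sign in at
http://example-corp.test.login.invalid/signin to confirm the wire transfer.
"""
```

Calling `phishing_indicators(SAMPLE, {"example-corp.test"})` returns one finding per warning sign. A message from the real domain that links only to its own subdomains returns an empty list.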
Although there are precautions, we can all slip up and fall for the trap. It’s always wise to stay on top of your backup and security game. Even if you fall for such traps, a good data security and backup provider can always help in mitigating the damage and totally alleviating the possibility of similar traps in future. Kloud 7 is a leading data backup and security provider in the States, and all our customers are leading corporate entities who value their information and take the best measures to protect it. You can also avoid becoming a phishing victim by adopting the following practices in your daily routine:
- Do not give out personal information or information about your organization, including its networks or structures, unless you are convinced of the individual’s authority to have such data.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Be wary of unsolicited visits, phone calls or emails from persons asking about staff or other internal data. If an unknown individual claims to be from a legitimate organization, try to verify his/her identity directly with the said company.
- Always pay attention to the URL of a website. Malicious websites may look identical to a genuine website, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net or .co).
- Make full use of any anti-phishing features offered by your email client and web browser.
- Get managed services from reputable service providers like Kloud 7 to install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
- Avoid sending out personal and sensitive information over the Internet before checking the website’s security.
To get a free managed services and data backup and security audit and a free quote, contact Kloud 7 today at firstname.lastname@example.org.