Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication. Attackers will commonly use phishing emails to distribute malicious links or attachments that can perform a variety of functions. Deceptive phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than it is to break through a computer’s defenses. Learning more about phishing is important to learn how to detect and prevent it.
Successful phishing messages are difficult to distinguish from real messages. Usually, they are represented as being from a well-known company, even including corporate logos and other collected identifying data. Unlike what Hollywood has shown, hackers number 1 tool is manipulating you into opening the door. A hacker gaining access to an administrator account can easily whip out a businesses digital records.
However, there are several clues that can indicate a message is a phishing attempt. These include:
- The message uses subdomains, misspelled URLs (typosquatting) or otherwise suspicious URLs.
- The recipient uses a Gmail or other public email address rather than a corporate email address.
- The message is written to invoke fear or a sense of urgency.
- The message includes a request to verify personal information, such as financial details or a password.
- The message is poorly written and has spelling and grammatical errors.
What To Look Out for!
Here are a few examples of phishing emails and how to not fall victim. Always loop at your status bar at the bottom of your window when your mouse is over a link. Make sure the link goes to the right address. If you are dealing with BoA, https://bankofamerica.com/ not . These links will take you to a login that is fake and used to steal your credentials. This can give a hacker complete access and bypass all security.
Know The URL Before You Type In Credentials
There are a lot of spam emails that are sent to email addresses associated with a website. Some are simply to steal your login credentials by getting you to click a link that takes you to a fake login page. Know your website login URL. A URL is the address of web pages as seen in the address bar at the top of your browser.
If your website is WordPress you can type in yourdomain.com/wp-admin to get to your login. Your login is actually at the URL yourdomain.com/wp-login.php and it may have a ? followed by what seems like random words and numbers. https://yourdomain.com/wp-login.php?redirect_to=https%3A%2F%2Fyourdomain.com%2Fwp-admin%2Fpost.php%3Fpost%3D58222%26action%3Dedit&reauth=1. The part after the ? is called arguments and is just internal jargon the site is using. The important part for you to know is the yourdomain.com/wp-login.php, it must start with this if it is someotherdomain.something/something it is fake and dangerous.
This applies to everything! If an email says it is from someone and you click a link and are asked to login the URL should start with companydomain.something/something or possibly something.companydomain.something/something. So if you get an email from “google” about an issue and to click here and are taking to a login page with the URL something.google.com/something then it is real but if it is fgdfy.gobble.cz/login it is obviously fake.