What is phishing? How do I protect myself?
Think of phishing like you would think of fishing. What do you do? You put a lure on a hook that looks like something the fish recognizes as food in the hope that you can get the fish to bite. Phishing works the same way. Phishing emails are designed to look like something that the recipient recognizes and trusts. So how can you protect yourself? There are a few key things to ask yourself and look for when you receive an e-mail.
Ask yourself:
- Was I expecting this email?
- Does this email ask me for account information, money, or anything unusual?
- Did this email address me as someone I know would address me?
- Does this email contain several spelling or grammar mistakes?
- Does this email seem too good to be true?
- Does this email suggest that someone has stolen my information?
- Are there inconsistencies between the domain and the email address?
Below is an actual phishing email I received in the past. It is pretty convincing, so we are going to go over some of the red flags.
- I was not expecting this email.
- This email was from a sender outside my organization.
- This email does not address me or name the seller.
- The verbiage “Do give us a Call for any dispute regarding the Payment and issue a Refund at +1(888) 719 -7390” was a concern solely because of how it was worded.
- Googling the number listed returns several results that label it as a PayPal scammer. It is also not listed on the PayPal website. In this e-mail, information is stolen primarily when users call the number. The scammers likely ask for banking information to “issue a refund” and then drain your bank account. Any information given to people using phishing techniques can be very dangerous for your identity and financial security.
- Towards the bottom, they try to make themselves look legitimate by offering links to identify phishing. They say not to reply to that email even though the email address is not a “donotreply” address. Instead they give a link that likely redirects to a website meant to look like PayPal. The same will be the case for the Learn More link.
Key takeaways: Do not ever respond to or click links from an email you’re unsure about. If you have concerns about an email’s legitimacy, forward it to your IT department. If it is a personal account, call the company or person directly. Do not use the links or phone numbers listed in the email. Use your directory or go to the company’s actual website to get official contact information. It is better to err on the side of safety.
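Several of the red flags above (a sender domain that does not match the company named in the display name, no greeting by name, a phone number to call, and links that lead away from the company's real domain) can also be checked mechanically. The following Python is an added example, not part of the original article; the sample message, its addresses and the `red_flags` and `in_domain` helpers are constructed for illustration, and the caller supplies the company's real domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email discussed above); names, numbers and domains are made up.
SAMPLE = """\
From: "PayPal Billing" <invoice@payments-notice.example>
Subject: Your payment has been processed
Content-Type: text/html; charset="utf-8"

<p>Hello Customer,</p>
<p>Call +1 (555) 010-0199 to dispute the payment and issue a refund.</p>
<p><a href="http://paypal.account-help.example/learn">Learn More</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)  # exact match or a true subdomain

def red_flags(raw, brand, brand_domain, recipient_name):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    body = msg.get_payload()
    flags = []
    sender_domain = addr.rpartition("@")[2].lower()
    if brand.lower() in display.lower() and not in_domain(sender_domain, brand_domain):
        flags.append("sender_domain_mismatch")      # display name claims the brand, address does not
    if not re.search(rf"\b{re.escape(recipient_name)}\b", body, re.I):
        flags.append("not_addressed_by_name")       # generic greeting
    if re.search(r"\+?\d[\d\s().-]{8,}\d", body):
        flags.append("phone_number_in_body")        # verify against the official website before calling
    links = LinkCollector()
    links.feed(body)
    if any(not in_domain((urlparse(h).hostname or "").lower(), brand_domain) for h in links.hrefs):
        flags.append("link_outside_brand_domain")   # brand name in the host is not enough
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE, "PayPal", "paypal.com", "Pat"))
```

Note that the sample link's host contains the word "paypal" but is not under `paypal.com`, which is why the check compares the end of the hostname rather than searching for the brand name anywhere in it.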

