Phishing has become the hot topic word in security today. It is where the majority of modern malware comes from. Phishing scams according to the Microsoft Safety and Security Center are, “[E]mail messages, websites, and phone calls are designed to steal money.” What Microsoft fails to mention is sometimes information is what hackers are after since it can be held for ransom. Here are a few ways you can protect yourself against the 3 main methods of phishing.
Email phishing functions in some of the most deceiving ways. Official logos can be stolen for use of malicious entities, and email addresses can be spoofed. The best way to protect against this kind of vulnerability is by using a spam filter service such as Barracuda Email Security Service. Sifting through email otherwise is much more risky. Some ways to detect phishing scams is to check that the email address matches the domain of the sender. For example: Emails from Microsoft should be from @Microsoft.com rather than a domain like @msft-support-hotmail.com. Another way to check is by hovering over links to make sure they are going to what they say they are going to. For example: if a link goes to www.absne.com and when you hover over, another url pops up, this is not a legitimate message. There are many other ways email phishing can come through. You can learn more and take a free phishing test by Dell Sonicwall here: https://www.sonicwall.com/en-us/phishing-iq-test
Website Phishing is often associated with pop-ups, but it also comes through links. For example, an ad link on Facebook may lead to a page where malware may exist.To avoid falling for this hook check if there is a small ad indicator (usually labeled ad, adsense, or ads). Use the same procedure with website links as you would use in email links. Be wary of articles along the side or at the bottom of even respectable news sites or local news sites. Look out for attention grabbing phrases such as “You won’t believe what..-“ or “Kanye uses this…-” or “In just 2 days..-“ and similar language. These are designed to be click-bait pulling you to malware or ad-ridden holes of the internet.
You or someone you know may have received calls that sound like this. “Hi this is Dell tech support, we found there is a virus on your network I need to remote in to remove it”.
These calls often result in the installation of malware and a possible charge for the false service provided by a fraud service provider.
Dell, Microsoft, and other systems manufacturers will not contact you for a malware infection. If your MSP provider were to contact you in regards to an infection you would likely be working with a technician already introduced to you.
In conclusion, it is very possible to avoid phishing scams just by being a smart fish. If it gets hard to determine however never hesitate to ask your IT technician!