Gone Phishing?

Over 90% of data breaches start with a phishing email.  Phishing emails aren’t a new concept.  They’ve been around for years.  Everyone receives them, and you may have fallen for one unintentionally, hook, line, and signature (see what I did there?).

Way back before the turn of the century, this novel website arrived that allowed us to buy other people’s things – eBay.  Not long after opening an eBay account and purchasing a few items, an email arrived in my inbox.  This email warned me that there was a problem with my account, and I needed to sign in to remedy this “problem”.

Naturally worried about losing my ability to buy things I didn’t really need, I clicked the link to visit a page that looked exactly like a page on eBay with a form asking for my personal information to reset my account.  Things like my username, password, address, and… my social security number?  My spidey sense tingled, causing me to look up at the address bar.  There I saw a URL that was not “ebay.com”, and realized someone nearly conned me into handing them everything needed to steal my identity.

In an effort to help you avoid falling for a similar scheme, here are 5 tips to help you recognize what a typical phishing email looks like.

1 Who’s the Real Sender?

Make sure the organization name in the “From” field matches the address between the brackets.  Watch out for addresses that contain variations of the organization’s name, something like ebay.securesite.com.  Any legitimate mail should come from the organization’s domain (meaning it should end with ebay.com).

2 Check the Salutation

If you do business with an organization, the first line of the email should always contain your name. Don’t trust impersonal introductions like “Dear Customer.”

3 Use Mouse Hover

When you hover over an email link, you will see the full URL it will direct you to.  Do NOT click the link.  Just hover.  If the address isn’t where you’d expect to go (ending in ebay.com), don’t click it.  Check all the links.  If the URLs are all the same, it’s likely a phishing email.
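
The sender check from tip 1 and the link check from tip 3 can be automated. The following is an added example, not part of the original article: the message is constructed, the ebay.securesite.example host is made up, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); the lookalike host is made up.
SAMPLE = """\
From: eBay <support@ebay.securesite.example>
To: user@example.org
Subject: Problem with your account
Content-Type: text/html

<p>Dear Customer,</p>
<a href="http://ebay.securesite.example/signin">Sign in</a>
<a href="https://www.ebay.com/help">Help</a>
"""

def in_domain(host, org_domain):
    """True only for the organization's domain itself or a real subdomain.

    A plain "ends with ebay.com" test would also accept notebay.com, so the
    match is anchored on a leading dot.
    """
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw, org_domain):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]      # part after the last "@"
    collector = LinkCollector()
    collector.feed(msg.get_payload())          # single-part HTML body
    bad_links = [u for u in collector.hrefs
                 if not in_domain(urlsplit(u).hostname, org_domain)]
    return {"display": display,
            "sender_ok": in_domain(sender_host, org_domain),
            "bad_links": bad_links}

if __name__ == "__main__":
    print(check_message(SAMPLE, "ebay.com"))
```

The From header can be forged, so a sender address that passes this check is not proof that the message is genuine.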

4 What’s in the Footer?

The footer of any legitimate email from an organization should contain at least the following info:

  • A physical address for the brand or institution
  • An unsubscribe button

If either of these items is missing, it’s probably fake.

5 If in Doubt, Delete the Email

If you don’t know the sender, or even if something seems off, delete the email.  If it’s not fake, the sender will contact you another way or send the message again.  You can also visit the organization’s site directly.  Typically any communication sent to you will also be available within your account.

Prevention and Recovery

We at Pit Crew IT Services hope all the tips we provide will prevent you from becoming the victim of a data breach.  However, it’s also vital that your business has systems in place for disaster recovery.  If you’re not sure where your business would stand in the event of a data breach or hardware failure, contact us today for a free consultation.
