Watch Out for Phishing Attacks Hidden in Your Email
Online criminals know we are all busy, and that we often aren’t focused on what we are opening, reading and where we are clicking. They take advantage of that inattention by forging email messages to look like they've come from Apple, Facebook, and Amazon, along with well-known banks, payment services, retailers, and even government agencies such as the IRS and the Social Security Administration. Even more dangerous are messages that appear to come from a trusted individual and include personal details—often targeted at executives and company managers.
Generally speaking, these attacks are called phishing. And they cost businesses hundreds of millions of dollars every year.
The goal, of course, is to prompt you to click a link in the message and visit a malicious website. That site usually continues to masquerade as being run by a company or organization you trust. Its aim is to sucker you into revealing confidential information by asking you to log in, pay for a product or service, or fill out a survey. The site — or an attachment in the email message — might also try to install malware. Although macOS is quite secure, it can still be affected if you approve certain security prompts.
Here’s how you can help identify potential phishing attacks.
•. Be suspicious of email messages from people you don’t know or from well-known companies that ask you to click a link and take action with an online account.
•. Look closely at email addresses and URLs (hover the pointer over a link to see the underlying URL). Phishing messages don’t use official domains, so instead of paypal.com, the addresses and links might use paypa1.com — close enough to pass a quick glance, but clearly a fake.
•. Beware of highly emotional or urgent requests for money or action. They are designed to make you react without thinking.
•. Channel your inner English teacher and look for poor grammar or odd phrasing, which are red flags for phishing messages. Email from real companies may not be perfect, but it won’t have multiple egregious errors.
So what do you do if you get a message that may be phishing for sensitive information?
Most of the time you can just ignore it. But If you’re worried that it might be legit, instead of clicking any links in the message, manually navigate to the site in question by typing the organization’s URL into your browser — just be sure to use a URL you know to be correct, not the one in the email message. Whatever you do, do not open attachments that you aren’t expecting and never send confidential information via email.
Most people wait until they have fallen prey to a phishing attack before changing passwords, and that is not a good practice. Be proactive. Change passwords frequently on stable or affected accounts. If you’ve opened any suspect attachments or approved any installs, run anti-malware software to determine whether your Mac has been infected.
As always, contact CranstonIT at 888-813-5558 if you need help. We can help protect your computers, servers and networks from phishing attacks, malware, password hackers and several other security breaches. We can establish network security through firewalls and secure access portals, as well as computer security through encryption and anti-virus protection. And we can help protect your data with ongoing, consistent and secure data backups.
•. Look closely at email addresses and URLs (hover the pointer over a link to see the underlying URL). Phishing messages don’t use official domains, so instead of paypal.com, the addresses and links might use paypa1.com — close enough to pass a quick glance, but clearly a fake.
•. Beware of highly emotional or urgent requests for money or action. They are designed to make you react without thinking.
•. Channel your inner English teacher and look for poor grammar or odd phrasing, which are red flags for phishing messages. Email from real companies may not be perfect, but it won’t have multiple egregious errors.
So what do you do if you get a message that may be phishing for sensitive information?
Most of the time you can just ignore it. But If you’re worried that it might be legit, instead of clicking any links in the message, manually navigate to the site in question by typing the organization’s URL into your browser — just be sure to use a URL you know to be correct, not the one in the email message. Whatever you do, do not open attachments that you aren’t expecting and never send confidential information via email.
Most people wait until they have fallen prey to a phishing attack before changing passwords, and that is not a good practice. Be proactive. Change passwords frequently on stable or affected accounts. If you’ve opened any suspect attachments or approved any installs, run anti-malware software to determine whether your Mac has been infected.
As always, contact CranstonIT at 888-813-5558 if you need help. We can help protect your computers, servers and networks from phishing attacks, malware, password hackers and several other security breaches. We can establish network security through firewalls and secure access portals, as well as computer security through encryption and anti-virus protection. And we can help protect your data with ongoing, consistent and secure data backups.