Spotting and Stopping Phishing Attacks

Social engineering and phishing are responsible for 70% to 90% of all malicious breaches, so it’s very important, when reading your email, to keep your eye out for this type of cyber-attack. It is good to have a healthy level of skepticism which can help you spot and report potential phishing attacks before they’ve had a chance to be successful.

If I had to pick the most important hint, the single most suspicious red flag to me is a strange-looking hyperlink which does not directly point to a valid, trusted domain; especially if it goes out of its way to fraudulently appear as if it points to a legitimate domain or trusted brand (e.g., microsoftustechsupport@outlook.com, techtalk@google.com.rogueserver.biz, returns.amazon@amazongproducts.ru, etc.). Always hover over ANY URL links before clicking them.

The second most important sign is simply recognizing unexpected requests, which if performed, could lead to something bad. It could be a request to do many different things, including:

• Open and read a document

• Click on a link

• Visit a website

• Provide login credentials

• Process an invoice

• Change banking or payroll information

• Buy gift cards