Though spear phishing steals the headlines and is the most prominent of the modern phishing attack vectors, old-school phishing is still a threat.
Telltale Signs of Old-Fashioned Phishing
To the untrained eye – especially someone in a hurry, or who is less cybersecurity-savvy – old-fashioned phishing emails can be convincing enough to make someone click on a bad link or wire money recklessly.
But there are indications that a phisher has sent his lure out for you. Here are some signs of old-fashioned phishing attack methods within an email:
- Sloppy grammar, spelling, and layout – One of the most common indicators of a phishing scam. Poorly constructed messages are often linked to phishing. Remember: Legitimate organizations and institutions most often have dedicated staff that produce and proofread the emails or customer messages they send out.
- Suspicious addresses – Phishers often emulate real business addresses, with some letters and characters omitted.
- Generic greetings and addresses – Legitimate businesses would address you by your name, as well as provide their contact info. Greetings like ‘Dear Valued Customer,’ or ‘Sir/Ma’am’ are often signs that a phisher is targeting you.
- Suspicious attachments – A noteworthy feature of most phishing attack vectors, often accompanied by a false sense of urgency to convince you to “download this important document ASAP.”
- Spoofed links – Hover your cursor over any of the links in the body of the email. If those links don’t match the text that appears, chances are, you’re talking to a phisher.
- Secondary destinations – A tricky one: this is often a link to a malicious site that hosts infected files or skims credentials, but the link is embedded in or attached to legitimate documents or files.
- Missing ‘To’ email addresses – Legitimate emails usually indicate that they were sent to your email address. An empty ‘To’ field is often a sign of phishing.
- Requests for personal information – The message either asks you to reply with your sensitive info (credit card details, ID numbers, social security details) or threatens you into doing so.
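Three of the signs above (missing 'To' address, generic greeting, spoofed links) can be checked mechanically. The Python sketch below is an added example, not part of the original post; the function names, the greeting pattern and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def host(value):
    """Hostname of a URL-like string, or '' if it does not look like one."""
    value = value.strip()
    try:
        name = urlparse(value if "://" in value else "//" + value).hostname
    except ValueError:
        return ""
    return name.lower() if name and "." in name and " " not in name else ""

def phishing_signs(raw_email):
    """Assumes a single-part, unencoded HTML body (kept simple on purpose)."""
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    if not any(addr for _, addr in getaddresses(msg.get_all("To", []))):
        signs.append("missing To address")
    if re.search(r"dear valued customer|sir/ma['’]?am", body, re.I):
        signs.append("generic greeting")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        # Only compare when the visible text itself looks like an address.
        shown, actual = host(text), host(href)
        if shown and actual and shown != actual:
            signs.append(f"spoofed link: shows {shown}, goes to {actual}")
    return signs
# Constructed sample message; every address and domain is made up.
SAMPLE = ("From: Support <support@examp1e-bank.test>\nTo:\nSubject: Notice\n"
          "Content-Type: text/html\n\n<p>Dear Valued Customer,</p>\n"
          '<p>Open <a href="http://login.lookalike.test/v">www.example-bank.test</a></p>\n')
```

Calling `phishing_signs(SAMPLE)` reports all three signs; a link whose text is plain wording such as "click here" is not flagged, because there is no displayed address to compare against.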
Protecting Yourself from Old-Fashioned Phishing
Awareness is always key. Now that you know what to look out for, creating a detailed Data Loss Prevention (DLP) plan should be next. Here are some ways to prevent data loss and avoid falling for these phishing attack methods hook, line, and sinker.
- Create backups of your data. Deploy a backup and/or archiving system that will act as a ‘safety net’ in case of a successful breach. As much as possible, choose a solution that automates this process, backing up your data in a secure place in the cloud, with a set interval.
- Never give out personal information online. This is a general rule that everyone in your business should abide by. As much as possible, avoid oversharing on social media and other online platforms.
- Keep yourself and your team up to date with phishing techniques. Ongoing security awareness training and simulated phishing for all users are highly recommended to keep security top of mind throughout the business.
- Add an anti-phishing toolbar to your browser. This tool runs checks on the sites you visit and alerts you when you run into a malicious site.
- Verify the security of the website you’re visiting. Make sure the site’s URL starts with ‘https’. If you can, check its security certificate as well.
- Check your accounts regularly. Hackers and phishers can have a field day with unchecked accounts. Get into the habit of changing your password as often as every three months.
- Constantly update your browsers. Patches close gaps and loopholes in your browser’s security, so updating them regularly is a must.
- Deploy firewalls and anti-virus software. These will act as buffers against phishing attacks.
- Be wary of pop-ups; more often than not, they are phishing attack vectors. If you can, enable pop-up blockers on your browser.
- Think before you click. Always.
*Information for this post was provided, in part, by DropSuite. CM3 proudly deploys DropSuite as part of our Managed IT Solutions portfolio. If you are looking for assistance managing your IT and communications platforms, please reach out for a consultation.