PHISHING is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. Cybercriminals may also attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, leaving it vulnerable to attack. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information like account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access their accounts.
E Street has seen a significant uptick in phishing activity this year.
This is a real and significant threat for your business!
- When in doubt, throw it out: Links in email and online posts are often the way cybercriminals compromise your computer. If it looks suspicious - even if you know the source - it's best to delete it or, if appropriate, mark it as "junk email." Contact the company directly (via phone) to confirm whether the email is legitimate.
- Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password. Longer passphrases are also recommended.
- Install and update: Keep your Webroot anti-virus software updated automatically by making sure E Street RMM is installed on all of your devices. Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and antispyware (see your E Street network report for more information).
- Be wary of hyperlinks: Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address. Try it out! There are a few hyperlinks within this article that are safe which you can hover over.
- Check with E Street: Make sure you have all the necessary baseline network and device security in place. If you are currently part of our ELAN or Managed Service plans, your most recent network report should have recommendations covering your technology.
SOME PHISHING EXAMPLES
- "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
- "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
- "Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund."
- "Your password is expiring soon. Please log in and update your password within the next 24 hours."
Please review the following screenshots showing actual phishing attempt email content with notes.
Phishing example 1 (see notes in RED)
Phishing example 2 (see notes in RED)
Phishing example 3 (see notes in RED)
Phishing example 4 (see notes in RED)
Phishing example 5 (see notes in RED)