Basics of Phishing Emails

fishing

The intent of a phishing email is for a user to click on a link that will execute malicious code on their computer or for the user to provide sensitive information, such as a username and password, through a fake form. Phishing emails may also attempt to look like they are coming from a legitimate company, such as Google or Facebook, or be written in a way to make the user feel like they must act quickly or something bad will happen like their account will be locked out or they won’t get paid on time. For example, a known phishing email will appear to come from Microsoft technical support with the heading “Unusual sign-in activity” and urging you to contact support immediately by clicking on a link.

In addition to clicking on a link or providing information, other common goals of phishing emails are for a user to call a fake customer service number, open a document that has macros, or even just simply replying to the email. Sophisticated phishing campaigns may have a working hotline that users will be tricked into calling and providing personal information. Phishing emails can also contain attachments, such as a Microsoft Word document that when you open it, a piece of code known as a macro automatically runs. While macros were designed as an additional feature, they can also be used with malicious intent. Finally, replying to an email confirms that address as active and as a target for future phishing campaigns.

Phishing campaigns are easy to initiate, do not require bad actors to be technologically capable, and are so common that in 2019 alone, Google blocked 100 million phishing emails intended for Gmail users.

A great defense against phishing emails is understanding how to spot them. Start with the email address of the sender and the subject line. Is it unfamiliar or contain spelling errors? Also, be aware that email addresses can be spoofed and look like they came from a legitimate source. Look at the body of the email next, is it asking for you to enter sensitive information or asking you to act quickly? If any part of the email looks suspicious, do not click on any link or reply to the email. Notify your IT department and they will guide you through the proper procedures defined in their policies.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

1 thought on “Basics of Phishing Emails”

  1. Pingback: RANSOMWARE: AN EXISTENTIAL THREAT TO SMBS - Nomerel

Leave a Comment

Your email address will not be published. Required fields are marked *

SIMPLICITY, AS A SERVICE.

We know that businesses everywhere expect technology to add value, but struggle to make it work for them on their terms – simple, reliable, agile, and affordable.

Going beyond a great help-desk, our team is here, looking after your systems, answering your questions and solving problems before they arise. We manage your I.T. environment.

Simple to obtain, use, and own, our feature-rich VoIP phone system solutions are scalable and offer all of the popular capabilities of traditional phone vendors at a fraction of the price.

With capabilities ranging from enterprise hardware & software to business process engineering, disaster recovery and more, our team is ready to help meet your company’s technology needs.

Nomerel Logo

At Nomerel, we are dedicated to simplifying the lives of our customers by specializing in and providing world-class I.T. products and services to small & mid-size companies in northeastern Oklahoma.