Catharsis Managed IT Ltd blog
Tip of the Week: A URL Can Help Give Away A Phishing Attack
Back in 1995, scammers pulled the first phishing attack. They took the identity of AOL employees and requested the billing information of users through instant messaging. More sophisticated phishing attempts have evolved over the years, culminating in the commonly-seen email phishing attack, which tricks users into handing over personal or sensitive information. Phishing attacks can be seen through, so we’ll show you how you can identify threats before they become a problem.
How Phishing Emails Work
Above everything else, a phishing email needs to be convincing it if wants to trick anyone into opening it. For example, if you received an email from the bank filled to the brim with misspellings and blocked images, would you trust them? Phishing attempts have become more elaborate and more difficult to identify, as hackers understand that detail is important to trick users. Still, if you look closely, you’ll be able to identify a real message from a fake message designed to steal your information. In particular, you can check a URL for legitimacy.
The Tricks of Malicious URLs
Phishing attacks will typically require that the user clicks on a URL found in the phony email. They will then be redirected to a website that asks for their credentials. Most users who don’t know better will click on the link and not think twice about where it leads. Hackers understand this and try to distract them from caring by using strong language, urging them to take immediate action. This is how deceptive URLs try to succeed, but there is one fatal flaw in this tactic.
Avoiding Phishing Attempts
Phishing emails show all sorts of warning signs that you can identify if you’re observant. First, take note of any links that are in the message. Do NOT click them without first checking if they are legitimate. Hover over the link and see where it goes. Again, be extra careful to only hover over it and not click it. You should see where the URL goes, and if it’s not to the domain that it claims to be from, just avoid it. For example, if an email claims to be from paypal and wants you to click a link, the link should go to paypal.com--not payypal.com. Such an event could very well be a scam that wants to steal your username and password.
In other words, it’s a matter of common sense. Does the link look like it makes sense in the context of the sender?
If the answer is no, you’re probably staring at a phishing email. Don’t click the link, as it could perform any number of functions, from taking you to a malicious website or instigating a download of malicious files. Regardless, the end result will surely be detrimental to your organization and its network security.
Catharsis Managed IT Ltd can keep your network from suffering these types of breaches. To learn more about how we can keep phishing messages out of your inbox and monitor your network in real time for data breaches. To learn more, reach out to us at (416) 865-3376.