Email Security - How to Recognize Phishing Emails

How to Recognize Phishing E-mails

From time to time you may receive email and question whether it’s valid or fraudulent.  Phishing e-mail messages are designed to steal personal information about you such as passwords, account numbers, etc. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data.  Phishing emails can cause a multitude of security concerns for you and your systems.
A few clues can help you spot fraudulent e-mail messages or links within them.

What Does a Phishing E-mail Look Like?

Phishing e-mail messages take a number of forms:
They might appear to come from a company you regularly do business with, such as your Internet Service Provider (ISP) or software vendor.

They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.

They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.

They might include links to spoofed Web sites where you are asked to enter personal information.

Here is a recent example of a phishing scam in an e-mail message.
~~~

Subject: Reset your DOMAIN NAME password

Hello, EMAIL ADDRESS.

We received your request to reset your DOMAIN NAME password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account.

If you didn’t request that your password be reset, please follow the instructions below to cancel your request.

CONFIRM REQUEST AND RESET PASSWORD

Click on the following web address:

https://DOMAIN.NAME/confirm.srf?lc=1033=EMAIL@ADDRESS=1

CANCEL PASSWORD RESET

Click on the following web address:

https://DOMAIN.NAME/CANCEL.srf?lc=1033=EMAIL@ADDRESS=1

~~~
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
“Verify your account.”
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail.
If you receive an e-mail message from your vendor or company you do business with asking you to update your credit card information, do not respond: this is a phishing scam.

“You won the lottery.”
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft. There is no Microsoft lottery.

“Respond within 48 hours or your account will be closed.”
These messages convey a sense of urgency so that you’ll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.


Ultimately, trust your instincts, if an email seems suspicious, don’t open it. If something about the email or the attachment makes you uncomfortable, there’s probably a good reason. Don’t let your curiosity put you at risk.

If you have any questions or would like additional information on Email Security, please contact me at 508 983-1982 or via email dsasso@ceservices.com.

Search

like_us_in_facebook   follow_us_in_twitter   add_us_to_google+   find_us_in_linkedin