Phishing is a technique in which an attacker tricks you into thinking you are on a secure website, or replying to a legitimate business email, in order to steal confidential information, passwords, etc. This technique is the start of most data security breaches, including the Target breach.
If you are unsure if an email is legitimate, ask yourself these questions before replying or clicking on a link:
1. Who is sending this email?
- Do you know the sender? Does it look like emails you normally get from them? Remember, the criminals can choose who they say they are. They can choose to send an email ‘from’ anyone you may know.
- Scrutinize the sender's email address; it will often have a slightly misspelled or incorrect domain (e.g. @amazon.com spelled as @aamazon.com).
2. Who is the email being sent to?
- Check whether the salutation is specific to you; scams are often addressed just to ‘customer’ or sent to undisclosed recipients.
3. What is the email’s purpose?
- Email is NOT a secure way to share sensitive information. As a general rule of thumb, “you should never provide information if someone calls or emails you that you didn’t initiate or were not specifically expecting.”
4. Does the link look valid?
- Even though a link looks valid and displays the correct web address, it could take you somewhere different.
- Hover over links to see the URL; it will often point either to an obviously fraudulent address or to a tiny URL that was placed there to mask the fraudulent link.
The majority of all malware/viruses/data breaches start with phishing. That means that even if only a small portion of employees click these links, the entire company is exposed to the impacts of malware/viruses/data breaches.
That could mean shared drives being down for extended periods of time, loss of banking information, and/or loss of customer/employee information that requires state notifications.