Tip of the Week: How to Foil A Phishing Attack By ID’ing a Bad URL
Phishing attacks have been around for decades, first being recorded in 1995 where scammers would pose as AOL employees and request a user’s billing information through instant messages. Nowadays, email phishing attempts have tricked users into handing over personal information of all kinds. There are many methods of identifying a phishing attempt, but today we’ll focus on one.
What Phishing Emails Need To Work
First and foremost, a phishing email will need to be convincing before it will trick its victim. You wouldn’t trust an email from your bank where they misspell your name and the name of the bank itself, would you? Unfortunately, many phishing attempts have grown more elaborate and attentive-to-detail, so you need to pay closer attention to spot the discrepancies between a phishing email and a legitimate one. This is where checking any URLs in the message come in.
The Dangers of a Deceptive URL
Most phishing attempts depend on the user to click through to a website that then steals their credentials. The fact that they can hide the URL behind the contents of their message only makes it easier for a cybercriminal to hook an unsuspecting victim. The target reads the message and naively clicks through to the website -- at least, in theory.
How to Avoid Being Phished
The first thing you need to do is to consider all of the warning signs of a phishing email. However, if there’s an included link in any incoming message, you need to be especially wary as you evaluate that. Fortunately, this is a fairly simple, straightforward process. Rather than clicking through the link, simply hover your cursor over it. The associated URL will appear. If the URL isn’t going to the domain you expect it to, you need to avoid it. For example, if an email that looks like it is from PayPal wants you to go to payypal.com and confirm your username and password, chances are it’s a scam and you’ll be giving your credentials to hackers.
Make sure you ask yourself, does it make sense, considering who the supposed sender is? Does it match the URL associated with the sender’s email?
If it doesn’t, you are likely the intended target of a phishing email. Whatever you do, don’t click on that link, as that is likely all it would take to infect your system.
ISC can help you keep your systems clear of similar threats through our preventative monitoring services and educational resources. Call us at 502.292.5097 to learn more.