Email Phishing

Wait, What's Phishing?

Phishing is an attempt to obtain information or access to an account, a workstation, or even credit/debit card information! By disguising themselves, typically as a trustworthy source, these malicious users will attempt to trick you into providing the sensitive information they want. This page serves as reference material on how such attacks can be prevented and avoided.

Email phishing is especially dangerous for businesses, as malicious entities will mask the sender address and the links within the email so that it appears to come from a legitimate business partner or coworker. When a user follows these links, they can be guided into filling out compromised forms and submitting them straight to the sender.

Preventing Phishing Takes Teamwork! Here's What We Are Doing:

  • Email Spam Filtration - We implement a superior spam filtration system that stops suspicious and fraudulent emails before they even reach your inbox.
  • DMARC - An email authentication protocol that verifies the email sender's and receiver's credentials to prevent fraudulent emails from being sent at all! We include this protocol on our secure email server.
  • Antivirus Software - We install antivirus software on each workstation to protect every user locally and keep malware or viruses from accessing files and documents.
  • Network Security - We go beyond endpoint protection and secure your entire office network with a VPN, or virtual private network. This acts as a network firewall and helps defend against infiltration at the network level.
  • User Training - Teaching users to recognize and avoid phishing attempts is our best line of defense. By providing documents like this webpage as well as other resources on phishing, we can prevent phishing from happening even if a phishing email manages to bypass our security.

What You Can Do To Help:

There are several steps you can take if you receive a suspicious email:

Consider the Context

Is the email asking you for payment or account details? Does it ask you to perform any task that seems outside of your work scope? Typically, malicious entities will use these tactics to elicit their desired information.

Additionally, phishing emails carry with them a sense of urgency. They typically demand an immediate response. This tactic is used to convince users that there is no time to think and that they must comply to save their account or billing info.

Check the Sender and Attachments

Be sure to examine the From address of the email. Oftentimes, this will be spoofed to appear legitimate. Be sure to look at email attachments as well. Refrain from downloading attachments or files ending in '.exe', as these types of files have the potential to be malware.


Email 1:

❌ Red flag icon pointing to suspicious display name "Acme Bank" with sender address ex. "encrypt€d@phishing.com"
✅ Green checkmark icon for examining attachment file types showing .docx, .pdf, .jpg attachments safe to open

Email 2:

❌ Red flag near attachment called ex. "document.exe" indicating unsafe file type
⚙️ Icon pointing to attachment settings button advising to not enable macros

The infographic reinforces key ideas covered in the tips:

  • Scrutinizing display name vs actual sender address to catch spoofing
  • Reviewing attachments and file types carefully before downloading
  • Avoiding risky file types like .exe that could execute malicious code
  • Disabling macros in documents, which can infect systems

Be Cautious of Hyperlinks

Hyperlinks are often disguised as well. Scammers will try to bait you into clicking a link that takes you to a compromised website. This is an attempt to have you enter sensitive information, submitting it straight to the scammer.

A good practice to adopt is to manually visit the site the potential phisher is directing you to. This extra step helps verify that you are visiting the right site and not entering account details into a false website.
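
The checks from "Check the Sender and Attachments" and "Be Cautious of Hyperlinks" can also be automated. The Python script below is an added example, not part of the original page; the KNOWN_SENDERS table, the acmebank.example domain, and the sample message are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".exe",)                       # file type the page warns about
KNOWN_SENDERS = {"acme bank": "acmebank.example"}  # hypothetical name -> real domain
DOMAIN_TEXT = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))
            self._href = None

def review(msg, known_senders=KNOWN_SENDERS):
    flags = []
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    # 1. Display name claims a known sender, but the address domain differs.
    if (expected := known_senders.get(name.lower())) and domain != expected:
        flags.append(f"'{name}' normally sends from {expected}, not {domain}")
    # 2. Attachments with a risky file extension.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            flags.append(f"executable attachment: {filename}")
    # 3. Link text that looks like a domain but points somewhere else.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown = DOMAIN_TEXT.fullmatch(text)
            host = (urlparse(href).hostname or "").lower()
            if shown and shown.group(1).lower() != host:
                flags.append(f"link shows {shown.group(1)} but opens {host}")
    return flags

def sample_message():  # constructed sample reusing this page's example names
    msg = EmailMessage()
    msg["From"] = '"Acme Bank" <alerts@phishing.com>'
    msg.set_content("Your account is locked. Act now.")
    msg.add_alternative('<a href="http://mybank-online.com/login">MyBank.com</a>', subtype="html")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="document.exe")
    return msg
```

Calling review(sample_message()) returns three flags, one per check; a message from the expected domain with no attachments or mismatched links returns an empty list.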

Beware of Malicious Links

❌ Red background highlighting email link ex. "AccountResetVerify.com"
🔗 Shows mouse hovering over masked link revealing tricky misspelled legitimate domain
🚫 Mouse clicking the link shows browser entering credentials on phishing page (in red box) to warn not to actually submit data

Manually Navigate

📧 Shows phishing email with link ex. "MyBank-online.com"
👆 Mouse manually types the real bank URL such as "MyBank.com" into address bar
✅ Green verified checkmark on actual bank domain
⚠️ Red flag X highlights the typo in the fake phishing link

Look for an Email Signature

Sometimes, scammers will try to appear as coming from within your organization, or from someone you communicate with regularly. Examining the sender's email signature is an excellent way to verify authenticity. If the signature doesn't match the signature the sender was using before, it may be fraudulent.

Reach Out

If the email seems to come from a reliable source but you still feel cautious, you can always reach out to the sender via telephone or a new, fresh email (that is, not a reply to the email you received) to confirm the identity of the sender.

Don't Respond, Don't Forward

If you've tried the above steps and still don't feel comfortable, the best course of action is not to react, respond, or forward the email but instead to contact your IT service provider and alert them to the suspicious email.

Additional Reading

Email phishing and its prevention are huge topics. So huge that it can be difficult to cover all of the bases in a single article. Below are a few articles you can read to supplement your growing knowledge.