What is “phishing” and how can you prevent it?
Phishing emails are one of the most common attacks used to gather users’ confidential information. They come in the form of emails or texts and often look to impersonate a co-worker, colleague, or business to gain your trust and get you to act. There are several ways to identify these types of attacks, but they are constantly evolving and becoming more realistic when imitating the sender. Some tips for identifying a phishing email and avoiding being a victim would be:
- Hover over any links sent in any email you receive. Hovering over the link and not clicking on it will allow the full URL to be displayed. If the URL doesn’t match the one shown in the email, this link is likely fake, and the email is a phish.
- Look closely at the “from” email address. Attackers can easily spoof the names of co-workers, colleagues, and companies, but their email addresses are more difficult to replicate. If the email address is slightly different from what it should be, it is likely a phishing email.
- Never click or download any attachments you are not expecting to receive. Attachments often contain malware, viruses, or other malicious pieces of code designed to compromise your data. Downloading or clicking an attachment without verifying its legitimacy with the sender could lead to a security breach.
To learn more about this particular phishing campaign, check out Intuit’s security notice or the recent post from Bleeping Computer, which outlines the attacks in further detail.
For more information on how to better protect yourself from cyber-attacks, check out some of our Security blogs, such as Cybersecurity Part 1 or 5 Secrets to Password Security in 2022.