What is Phishing?
by Andrew Serene
Phishing is a social engineering tactic where a malicious actor uses online communication (email, text, or instant messaging) to deceive you into giving out sensitive information, banking information, or the passwords used to access it. Typically, the messages pretend to come from well-known and trustworthy websites or high-ranking authority figures.
- Do not click on links, download files, or open attachments from unknown senders.
- Always confirm abnormal requests with the sender via an alternative method of communication.
- Always follow company procedures for guarding sensitive information or supplying payments, no matter who is requesting. Don't have a policy already?
  - Consider implementing a policy that all money transfers and payments must be confirmed via telephone.
  - Consider prohibiting the sending of any sensitive information like employee or customer information via email.
- Be cautious of email that:
  - Comes from unrecognized senders.
  - Asks you to confirm information.
  - Tries to frighten you into acting quickly.
- Identify suspicious messages by looking for the following:
  - The sender’s email address is similar to, but not identical to, yours or a partner organization’s (like @scy11agroup.com instead of @scyllagroup.com or @linkeIN.com instead of @linkedIN.com). The difference is often something small that may not be noticed at first glance.
  - The email contains an external link where the address is suspiciously similar, but not identical, to one you use (like https://outlook.micrsoft365.com instead of https://outlook.office365.com). When in doubt, use your favorites to access a website instead of clicking the link.
  - The sender claims to be an executive or an employee, but the email is sent from an external email address (like @gmail.com or @outlook.com).
  - The email contains attachments and is from an individual you are not acquainted with.
  - A message appears to be an internal company announcement, but is sent only to you instead of groups of people or distribution lists (i.e. email@example.com).
- Enable TWO-FACTOR AUTHENTICATION on your banking, email and personal accounts. That way just getting your password isn't enough to access your accounts. We can help you set this up.
- It is OK to ask if you aren't sure that something is right. It is always better to reach out to your IT Support group or colleagues when in doubt.
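The sender checks listed above (near-identical domains, and a staff name on an external address) can also be automated. The following is an added example, not part of the original article or of any Scylla Group or Trend Micro product; the `TRUSTED` and `STAFF` values and the name "Pat Example" are assumptions made for illustration, and the test domains are the ones the article uses.

```python
from email.utils import parseaddr

# Assumed allow-list and staff names, constructed for illustration.
TRUSTED = {"scyllagroup.com", "linkedin.com"}
STAFF = {"pat example"}

# Fold characters that are commonly swapped for look-alikes into one form,
# so that "1", "l" and "I" (or "0" and "o") compare as the same character.
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(domain):
    """Lower-case the domain and collapse visually confusable characters."""
    return domain.lower().translate(FOLD).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return []  # exact match with a known-good domain
    warnings = []
    for good in sorted(TRUSTED):
        # Same skeleton, or one character added, dropped or changed.
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            warnings.append(f"lookalike of {good}")
    if name.lower() in STAFF:
        warnings.append("staff name on external address")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ("Billing <billing@scy11agroup.com>", "jobs@linkeIN.com",
                '"Pat Example" <pat.example@gmail.com>'):
        print(hdr, "->", check_sender(hdr))
```

A distance threshold of 1 keeps false positives low but will miss lookalikes that differ by more than one character, so a check like this supplements the manual review above rather than replacing it.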
This material is provided by The Scylla Group, Inc. for use by our clients and customers of Trend Micro Antivirus and Security products. Some content was supplied from Trend Micro-provided Phishing Awareness Training via a corporate partnership.