Are you Phishing Savvy?

Keeping yourself safe from scams starts with knowing the terminology and types of phishing that exist:

• Phishing is the umbrella term for all types of fraudulent attempts to obtain sensitive information through electronic communications including email, websites, social media, etc.
• Ransomware is a type of software or malware that once installed on a computer or tablet prevents users from accessing their system or personal files and demands ransom payment in order to regain access.
• Smishing is a form of phishing when someone tries to trick you into giving them your private information via a text or SMS message.
• Vishing is the telephone equivalent of phishing. The caller will pretend to represent a trusted entity like your bank, your phone provider or even the government and will try to get you to reveal personal information like Socia

Even though there are some phishing scams so well developed that could fool an IT nerd, the majority have subtle and not so subtle irregularities that you can look for such as:

• Misspelled Words or Bad Grammar
  Banks, governments and other large organizations employ professional writers and designers to ensure all their email and web content is grammatically correct and typo free. Therefore, if you come across a poorly written email, better to mark it as spam or junk mail and contact the company directly via phone to report the phishing attempt.
• Generic Titles or Suspicious Naming
  Any company that has you in their database will also address any emails directly to you and not to a generic or vague recipient. If it says “Dear Sir or Madam”, “Dear account holder” or even “To whom it may concern”, then you can be sure that it did not come from the real company. In addition, look for suspicious data within the email like your nickname or if your name is written differently than the account – fraudsters may gather your name or other information from your social media accounts.
• Attachments of any Kind
  Banks, PayPal and the government all know better than to include an attachment on any official correspondence. If you receive an email from a company you do business with and it includes an attachment you were not expecting, then it is highly likely a scam – do not open the attachment and definitely do not click on any links within the email. The only exception to this rule is digital signatures, which can sometimes show up as attachments.
• Strange Email Addresses
  The more sophisticated fraudsters will invest a lot of time ensuring the email header of the email looks as much like the original as possible. This includes coding the email so it looks like it’s coming from a legitimate source like [email protected] but it’s actually coming from hacker’s email address. The less savvy criminals will not hide or code their email addresses, so you may see unknown email address or accounts setup to be similar to an actual company’s like [email protected]

While it’s easy for a human to be tricked by fake login pages, password managers are not deceived in the same way. Password managers are applications that keep track of all your passwords so that you can make them more complex and challenging for hackers to breech. If the password manager refuses to auto-fill a password, it’s usually a good sign to check the URL address to ensure you are on the right website. An even better idea is to use the randomly generated password from the password managers so you are forced to rely on auto-fill and less likely to type your password into a fake login page.

Most companies will not ask you to take immediate action via email, so be suspicious of any email that has an urgent quality to it. If you do get an email from your bank, government or other company asking you to login into your account for any reason – don’t use the links within the email to access the site. Instead, go into your browser and type in the actual website address into the address bar. Also, don’t forget to look for the padlock icon in the address bar beside the “https” – if the padlock icon is closed, it means the web address(URL) displayed in the address bar matches the URL that is embedded in the security certificate and that the security certificate comes from a reputable certificate issuer. Keep in mind that this isn’t full proof – some advanced hackers are able to setup phishing sites using ‘https’ protocol

A company called Jigsaw has partnered with Google to develop a quiz to teach people how to better spot phishing emails. Interestingly, the quiz seems like phishing itself because the site address is https://phishingquiz.withgoogle.com/ but don’t worry – this one is actually an authentic website that can test your ability to identify phishing emails.

At Xplornet, we mainly contact customers about taking action on their account via snail mail or phone. Occasionally, Xplornet does send automated emails to customers, but these emails will never ask you to submit any personal information. If you do come across any suspicious emails or websites that claim to be Xplornet, please report them to [email protected].