Alternative IT Solutions Blog

Think Before You Click: Spotting a Phishing Attempt

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into ordering virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer - What’s Phishing?

Phishing is when you get an email that looks like a legitimate email but isn’t. The cybercriminal’s goal is to trick you into giving them a password or access to an account (like PayPal, Facebook, or your bank), or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from [email protected], right? Well, if you get an email about your password or telling you to log into your account and it’s from [email protected], you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from [email protected] or emails from PayPal might come from [email protected]. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the sender to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com - This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard - This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com - This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail - This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net - Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure - This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail - This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb: don’t trust a link that has more dots after the domain you expect it to lead to.
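The hostname rule above, and the From-address check described earlier, can be automated in a mail filter or a training tool. The following Python sketch is an added example, not code from the original post; the function names and the sample From headers are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

def belongs_to(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    expected = expected.lower().rstrip(".")
    # Compare whole labels from the right: "business.paypal.com" passes,
    # "paypal.com.activecard.net" fails because it really ends in activecard.net.
    return host == expected or host.endswith("." + expected)


def link_host(url):
    """Hostname a link points to; the path after the first slash is ignored."""
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "https://" + url  # links are often written without a scheme
    return urlsplit(url).hostname or ""


def check_link(url, expected):
    return belongs_to(link_host(url), expected)


def check_sender(from_header, expected):
    """Check the domain of the address in a From header."""
    _, addr = parseaddr(from_header)
    return belongs_to(addr.rpartition("@")[2], expected)


# Link examples taken from the list above.
LINKS = [
    "Paypal.com",
    "Paypal.com/activatecard",
    "Business.paypal.com",
    "Business.paypal.com/retail",
    "Paypal.com.activecard.net",
    "Paypal.com.activecardsecure.net/secure",
]
# Constructed From headers for illustration (not from the original post).
SENDERS = [
    "PayPal <service@paypal.com>",
    "PayPal <service@paypal.com.billing-alerts.example>",
]

if __name__ == "__main__":
    for check, items in ((check_link, LINKS), (check_sender, SENDERS)):
        for item in items:
            print("ok        " if check(item, "paypal.com") else "SUSPICIOUS", item)
```

The comparison is anchored on a leading dot, so a name that merely ends in the same letters as the expected domain is not accepted as a subdomain.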

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at Alternative IT Solutions. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

Monday, December 09, 2019