With the holiday shopping season in full swing, tax season just around the corner and data breaches happening on a regular basis, it’s important to be constantly vigilant on the Internet.
One of the most common and successful ways for malicious actors to take hold of your sensitive information is through phishing attacks. In a phishing attack, a malicious user masquerades as a legitimate company to try to obtain usernames, passwords, credit card information and other sensitive information via electronic means. Luckily, this is a type of attack you can easily protect yourself from.
The majority of phishing campaigns happen via email. The usual verbiage of these emails creates a false sense of urgency by using phrases such as, “click this link to re-authenticate,” “for your safety, we require you to set up a new password,” or “if you do not sign-in now your account may be terminated.” Here are some simple steps you can take to determine the authenticity of any potential message:
- Check the sending address for any misspellings or inverted letters.
- Don’t click on any links in the messages. Hover over links first to see the full URL, or right-click and copy the URL and paste it into your browser’s address bar. Review the URL for any domain names that are misspelled, have inverted letters or just don’t make sense.
- Review the body of the email for any misspellings and poor grammar.
These are general best practices for reviewing potentially malicious emails. Even after taking these steps, however, you may still fall for a phishing attempt, particularly if the sender is spoofing email addresses.
Spoofing an email address is when a part of an email, such as the sending address, is altered to look as though it was sent by someone else. In these cases, it’s helpful to analyze all of the email headers. How you access those headers depends on the email client you’re using. You can view instructions on how to access email headers for various popular email clients here.
Even after taking all these steps, it’s still possible to fall victim to a phishing attempt. Here are some additional steps you can take to protect yourself:
- Make sure your systems and anti-virus software are up to date.
- Run an anti-virus check on your computer to check if you have picked up any viruses.
- Change your password and any security questions as soon as possible. If you have the same password across multiple online accounts, change those as well. Click here for some password best practices.
- Enable two-factor authentication on all online accounts that allow this feature. This is an extra layer of protection that only adds a few extra seconds to your normal login.
- Keep a close eye on your online accounts for the next few weeks for any unauthorized activity. If you see something out of the ordinary, report it immediately.
Today’s threat actors are no longer simply lone wolves or teenagers in their mothers’ basement. They often belong to large and organized enterprises that make a lot of money off of normal, everyday users’ mistakes. Taking a few extra steps each time you log in or review an email will help you keep your information safe.
Visit our Rackspace Support Network for more information on spoofing, reading email headers and how to protect yourself and your business from these types of attacks.