What was the most common type of cybercrime in 2020, you ask? Phishing! These email scams use deceptive information and links to trick users into providing sensitive data. A survey by Verizon earlier this year discovered that 75% of businesses across the globe were targeted in some form by a phishing scam.
Attempts to confuse users are becoming increasingly sophisticated. Here we’ll provide some examples of what to look for when deciding if the email or communication you’ve received is legitimate.
A URL (Uniform Resource Locator) is the address or location of a resource on the internet. Because everything has a URL, it can be easy to miss an error. Once you’ve been “hooked”, the misdirection may not be obvious… until it’s too late.
Perhaps the most obvious error to spot is misspelling. It may be an extra letter or two, or just a few letters out of place. Can you spot the difference in these two URLs?
www.llnkedin.com
www.linkedin.com
What about the brand name in the URL? Is it spelled correctly?
Microsoftnline
Microsoftonline
Where is the brand name in the URL? Hint – It should be in the domain name. If you see .com before the brand name – Beware!
devopspnw.com/logon.microsoftonline.com
login.microsoft.com/userid=joenorth
Does the brand name in the email match the brand name in the domain?
Bank of America
BankOfAmerica@customerservice.help.com
How long is the URL? Watch out for URLs with more than 100 characters. These are meant to hide the true domain.
http://sample.com/bank.gov/aldfjdlkfjsalkdjf;dfiawfdfsd;lfjfw;oewjflwijflijfiewf;ewo
At last, you’ve confirmed the URL and feel confident to open the email…then there’s an attachment!
Often, the malicious content is included as a file that, when opened, launches malware, collects your information, and so on.
The name of the attachment may indicate it’s a PDF. For example, INV1243.pdf. However, when you hover over the link, the URL appears as https://e.pr/free/d/stuff. What happened to the .pdf extension? Beware and do not open it!
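The checks above can also be run automatically by a mail filter or a triage script. The following Python is an added example, not part of the original article; the KNOWN_BRANDS list, the function names and the flag labels are assumptions chosen for illustration, and the two-label domain split is a simplification.

```python
import posixpath
from urllib.parse import urlsplit

# Assumption: brands you expect mail from, mapped to the domain each really uses.
KNOWN_BRANDS = {"linkedin": "linkedin.com", "microsoft": "microsoft.com",
                "microsoftonline": "microsoftonline.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def url_flags(url, link_text=""):
    """Return the article's warning signs that apply to a link and its visible text."""
    original_len = len(url)
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    # Naive registrable domain (last two labels); real filters use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    label = domain.split(".")[0]
    # Everything that is NOT the domain itself: subdomains, path and query string.
    rest = (host[: -len(domain)] + parts.path + "?" + parts.query).lower()
    flags = []
    if domain not in KNOWN_BRANDS.values():
        # Misspelled brand in the domain, e.g. llnkedin for linkedin.
        if any(edit_distance(label, b) <= 2 for b in KNOWN_BRANDS):
            flags.append("lookalike-domain")
        # Brand appears after (or in front of) someone else's domain.
        if any(b in rest for b in KNOWN_BRANDS):
            flags.append("brand-outside-domain")
    if original_len > 100:
        flags.append("long-url")
    # Visible name claims a file type (INV1243.pdf) that the real link does not have.
    shown_ext = posixpath.splitext(link_text)[1].lower()
    if shown_ext and posixpath.splitext(parts.path)[1].lower() != shown_ext:
        flags.append("extension-mismatch")
    return flags
```

An empty list only means none of these particular signs was found; it does not prove the link is safe.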
While some of these examples may be used by reputable organizations, it is important to be wary and verify the sender and the content, especially before providing personal or sensitive information. If you are the least bit suspicious, delete the email and contact the organization directly to confirm.
