A criminal is planning his next heist. He’s looking for the easiest target—the path of least resistance, where he can win big without much effort.
Only today, he isn’t looking to steal a vehicle without an automatic alarm, or to rob a bank without a security guard. Today, he’s looking for people like you and me—plugging away on our laptops and mobile phones, unaware that we’re being watched and targeted.
The number of spam and phishing attacks is on the rise, and your best defense is awareness. Here are a few of the most common phishing attacks we’re seeing, and best practices to avoid getting caught—hook, line and sinker.
Bad files sent from file sharing services
These attacks occur when hackers use legitimate file sharing services—such as WeTransfer or Dropbox—to deceive users. Often, these free file transfer services don’t have the most secure protections against abuse and are easily leveraged to send what seem like legitimate emails. To protect yourself from these malicious emails, which contain links to infected files, you can:
- Check the formatting — Is it off from the usual formatting of emails from your file transfer service?
- Check the email address of the sender — If you weren’t expecting this file from someone you know and trust, delete the email.
- Check the spelling/grammar — If it looks unprofessional, it probably is.
In any case, if something seems off, simply don’t click on any links, and the hacker cannot infect your system.
Email that appears to be sent from a well-known public figure, manager or executive
Hackers can use random, compromised email accounts and change the name so that any incoming email appears to be coming from someone you would regularly know and trust, such as a manager or executive. Typically, these messages will either attempt to open a dialogue with you, or they’ll contain infected files or links.
Ensure you’re always checking the address the email is coming from—often, it is difficult for hackers to change the actual address, and an address that doesn’t match the person’s real one can be a sure sign that the email is fake. If you are still unsure whether the email is legitimate, confront the sender in person or via text or phone to confirm they sent the email. If you can confirm it’s a phishing attempt, simply delete the email—the hacker cannot infect your system unless you click on the malicious file or link.
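The address check described above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it compares the display name in the From header with the addresses that person is known to use. The directory, names, domains and sample messages are all constructed for illustration, and display names are assumed to be plain ASCII.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory (hypothetical values): display names worth
# impersonating, mapped to the addresses those people really send from.
KNOWN_SENDERS = {
    "jane doe": {"jane.doe@example.com"},
    "sam patel": {"sam.patel@example.com"},
}

# Constructed sample messages; reserved example/test domains only.
SAMPLES = [
    "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 numbers\n\nSee attached.\n",
    "From: Jane Doe <billing@compromised.test>\nSubject: Urgent\n\nAre you at your desk?\n",
    'From: "sam.patel@example.com" <info@compromised.test>\nSubject: Invoice\n\nPlease review.\n',
    "From: Newsletter <news@vendor.test>\nSubject: Weekly\n\nHello.\n",
]

def normalize(name):
    """Lower-case and collapse whitespace so 'Jane  DOE' matches 'jane doe'."""
    return " ".join(name.lower().split())

def check_sender(raw_message):
    """Return (verdict, display_name, address) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    # A display name that is itself an address, but not the real one,
    # is a way to make a mail client show a trusted address.
    if "@" in name and name.strip().lower() != addr:
        return ("display-name-mismatch", name, addr)
    expected = KNOWN_SENDERS.get(normalize(name))
    if expected is None:
        return ("unknown-sender", name, addr)
    verdict = "match" if addr in expected else "display-name-mismatch"
    return (verdict, name, addr)

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```

A mismatch verdict is a prompt to confirm with the sender over another channel, not proof of compromise on its own.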
Email that appears to be from someone you trust
Perhaps the most difficult phishing attacks to identify are emails that appear to come from someone you trust, like a close family member, friend, or colleague you speak to regularly. The good news? These emails are often sent using bots or worms, so the content of the email can seem very robotic and it likely won’t sound like your trusted friend or colleague.
If you’re suspicious, always confront the sender using a different communication channel to confirm the email is legitimate.