October is Cyber Security Awareness Month, But YBO Will Help You Be Prepared Year-Round
October might be the official marker of Cyber Security Awareness Month, but unfortunately hackers are busy trying to steal your sensitive information all 12 months of the year. That’s why we want you to be prepared for any attack they might launch at you.
Lately, we’ve seen an uptick in phishing attempts, but with the right information in your back pocket, we’ll help you spot and avoid them with ease!
Let’s start with what phishing is
Phishing typically happens over email and is an attempt to trick you into giving cyber attackers access to sensitive and confidential information. The most common phishing attempts arrive as legitimate-looking emails that ask you to click a link, which in turn can give hackers dangerous access, download viruses onto your computer, and wreak havoc on your business.
Lately, our IT team has noticed an influx of fake Microsoft emails from phishers so please be aware.
How do you assess whether an email is legitimate or dangerous?
Some common tactics cyber attackers will use include:
Suspicious email addresses: While they’ll attempt to make them appear as credible as possible, they can’t use a company’s actual email address. When assessing who an email is from, be aware of omitted or altered characters or email addresses that don’t end in the company domain (e.g. help@microsoft.com vs. microsofthelp@gmail.com or help@microsoft.net).
Generic greetings & signatures: While a generic “Dear valued customer” or “Sir/Ma’am” might seem harmless, it is actually an indicator that this isn’t the legitimate business that would and should have your information. If you’ve ever interacted with the company the cybercriminal is trying to impersonate, they would likely have your name and/or attempt to write a warmer email. Also, confirm that the person in the signature is who you think they are by verifying them on LinkedIn, the company’s website and/or another trusted source.
Spoofed hyperlinks and websites: Hackers’ way in is through you clicking their links, and just like the from line, they’re going to make them look as credible as possible. Before you click on any link, hover over it to ensure it’s leading you to a trusted, safe location. To do so, look to see that the website they’re sending you to is spelled correctly and going to the actual domain of the company. Also be aware that hackers may use a URL shortening service to intentionally hide the true destination of the link.
Suspicious attachments: An unsolicited email that requests you to download or open an attachment is a common delivery method for malware (e.g. viruses). Similar to examining the URLs, you’ll want to confirm the validity of a download or attachment by asking yourself if it’s coming from a company you’ve worked with in the past or whose emails you’ve signed up for. Note, if the sender creates a sense of urgency about how you have to immediately download the attachment, you’ll want to think twice.
Spelling and layout oddities: Poor grammar, sentence structure, typos and inconsistent formatting are all indicators of a possible phishing attempt. All reputable companies have dedicated personnel and processes in place to ensure that their emails are well-written and present the company in the best, most professional light. That means that if the email you received doesn’t show signs of those checks, it’s probably not from a reputable business.
So now that you know what phishing is, what do you do if you think you’ve received a potentially dangerous email?
Most importantly, never click on any link that looks suspicious! You now know what to look out for, so if you see something that looks fishy, report it to your IT department immediately. Phishing attacks normally come in waves, so letting IT know what’s going on will help them get ahead of and prevent the phishing attack.
Additional ways to protect yourself include:
If an email asks you to contact them, independently verify the contact information directly on the company’s website or with a trusted contact within the company, if available.
Be aware that cyber criminals can imitate both companies and individuals. An email can appear to come from someone you know, but if something seems off, it could indicate that they were infiltrated and the hackers are now trying to get to you through them.
Phishing can also take place via texts and phone calls, so remain on heightened alert, don’t click links and report attempts to your IT department.
And remember, at YBO our mission is to help prepare you for all back-office needs. If you have any additional questions about phishing or other cybersecurity offenses, please reach out to us. We’d be happy to connect you with our IT experts!