What is Phishing? (And How to Avoid It)

Let’s start with the basics.

What is phishing?

Phishing is a type of social engineering where a cybercriminal sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or deploy malicious software on the victim’s device or within their organization. Typically, phishing comes in the form of a fake or spoofed email, text message or other type of electronically written message.

What types of phishing are there?

There are three main types of phishing: PowerShell, Sandbox evasion and Macros, the most common type used being Macros. These three types of phishing allow cybercriminals to deploy phishing emails, distribute phishing emails, and take control of complete networks after phishing has been deployed.

How can you prevent being a victim of a phishing attack? 5 Tips to Avoid Phishing Emails: 

While phishing emails are inherently intended to be “sneaky”, there are some easy tips to remember to avoid falling victim to this common type of attack.

1. Think before you click. Should you be receiving this email? If anything feels odd or out of place, confirm the sender by calling them before clicking or opening any attachments.
2. Do you have a relationship or an account with the person or vendor emailing you? If you are receiving an email from a vendor you do not regularly work with, stop and confirm the sender before clicking.
3. Check the sender email address by hovering your mouse over the email address and looking at the actual address listed. Is it a legitimate email address (@companyname)? Be wary of anything that might appear as “amazon@gmail.com”. All large companies will have a company email URL.
4. Is it tax time? Be extra careful of phishing attempts around tax time. When in doubt, call to confirm with your accountant or the IRS.
5. Does your company offer cybersecurity training? Take advantage of company tips to avoid phishing emails. If you are a c-suite employee, consider initiating company-wide cybersecurity training to help educate employees to spot the signs of a phishing email. We also offer cybersecurity training at Clarity Technology Group. Contact us to learn more about the cybersecurity training we offer for our clients.

If you are ever concerned you’ve been the victim of a phishing attack, contact your IT security team immediately before taking any action. If Clarity Technology Group can help, get in touch with us here.