What Is Phishing? (& Tips To Avoid It)

As a business or technology leader, you are likely familiar with the term “phishing.” You may have a general idea of what it means and what it looks like. You (or one of your colleagues) may have even fallen prey to a phishing attack (and may not even know it yet). 

Phishing is a social engineering tactic used by hackers with malicious intent. All social engineering efforts are designed to trick people into divulging or gaining access to sensitive information. 

Here’s the thing:  phishing is just one of the many social engineering tactics that people with malicious intent can use to gain access to sensitive information. It’s tough to keep all of the tactics straight. I understand and I can help.

I work for an IT service provider. Customers often ask us about phishing. In this article, I’ll give a simple definition of phishing, explain how to recognize it, and most importantly, provide tips you can use to avoid it. 

What Is Phishing? 

Phishing is one of the most common social engineering tactics. 

Phishing ploys typically use some kind of “bait” to attract and lure users into providing sensitive information. Whether that information is in the form of login information, social security numbers, banking information, or sensitive credit card data, the goal of a phishing attack is to gain access to otherwise secured data. 

Who Does Phishing Target?

Anyone can be a victim of a phishing attack. As we all use electronic communication for everything from social media and work to shopping and banking, opportunists look for ways to take advantage.

What Does Phishing Look Like? 

There’s a reason that phishing is the most commonly used social engineering attack:  it works. 

While the majority of phishing attempts occur via email, they can also be carried out through phone, text, or social media.

Most phishing emails are designed to look like they came from someone a user knows and trusts. Whether that is a neighbor, friend, store, app, or bank, at first glance the message may look legitimate. 

Any time you receive correspondence that asks you to click on a link, don't click automatically. Instead, stop for a second. Rather than clicking automatically, retrain your brain.  

How To Spot Phishing

In the early days, spelling or grammatical errors often signaled that a message was a phishing attempt. While phishing has become more difficult to spot, certain telltale signs can help you spot a scammer:

1. Any email that asks you to click on a link should immediately arouse suspicion.
   
   
2. Hover over the “from” in the subject line - if you are wondering if it is from a legitimate address, copy the address and open it in your web browser.
    
3. What time was the email sent? If it was outside of normal working hours, that should raise a red flag.
   
   
4. Phishing emails usually contain a sense of urgency. They may say that your account has been compromised or that they need to confirm sensitive information immediately to protect your account.

What Can You Do To Avoid Phishing?

1. The first step in avoiding phishing scams is to make sure you keep your filters up to date. While this won’t protect you from everything, it’s a good place to start. 
   
   
2. If you get an email that looks legitimate, but you aren’t sure about it, consider calling via telephone or stopping by the office of a colleague if appropriate to confirm that it is authentic. Don’t just click on the link. Trust your gut and check it out through another source that you know to be reliable. 
   
   
3. Know the signs. If something looks suspicious, check it out. Whenever you have the impulse to react spontaneously, pause to think it through first. Retrain your brain.
   
   
4. Back up your data on all of your devices often. That way, when something happens, you will be able to restore your data more easily.
   
   
5. Consider offering cybersecurity awareness training to your employees. They can’t be expected to protect against threats they don’t know about. Keeping cybersecurity issues like phishing at the top of everyone’s mind regularly is the best way to protect your organization. 

(Not sure what to include? Read this article: 3 Topics All Cybersecurity Awareness Training Must Include.)

Next Steps To Protect Yourself From Phishing 

According to the Federal Trade Commission, scammers launch thousands of phishing attacks every day, and “they’re often successful.” Knowing the signs to look for can help you be proactive and avoid becoming a victim.

Now you know what phishing is, who’s a target, what it looks like, how to recognize it, and steps you can take to avoid it. Knowledge is the first step toward protecting your organization. 

The next step is educating your workforce. You might have internal staff that can provide that training for you. If not, there are external resources available to help. 

As a IT services provider, Kelser provides cybersecurity awareness training through our managed services offering. We know that managed IT isn’t right for every organization. It might or might not be the right solution for you. 

If you are considering managed IT, we provide a comprehensive solution that will keep your IT infrastructure safe, available and efficient. Find out more about managed IT by reading this article: How Much Does Managed IT Cost? What’s Usually Included?  

Whether you ultimately decide that managed IT is right for you or not, use the information outlined above to educate your workforce about phishing and how to recognize and avoid it. We are committed to providing the information you need to keep your IT infrastructure safe. We’re here if you need us.