What is a Phishing Email?

What is a Phishing Email?

What is Phishing Email?

This is a type of online scam where cybercriminals impersonate a legitimate organization via email, text message, advertisements, or other means of communication to steal sensitive information such as personal information, credit card numbers, bank information or even passwords. They typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website or even attachments which is the common types of phishing emails.

Learn to spot a Phishing message

Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals have been successful using emails, text messages or direct messages on social media to get people to respond with their personal information. The best defense is awareness and knowing what to look for.

Here are some ways to recognize a phishing email:

  • Urgent call to action or threats - Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you must act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.
  • First time or infrequent senders - While it's not unusual to receive an email from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. When you get an email from somebody you don't recognize, or that Outlook identifies as a new sender, take a moment to examine it extra carefully before you proceed.
  • Spelling and bad grammar - Professional companies and organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
  • Generic greetings - An organization that works with you should know your name and these days it's easy to personalize an email. If the email starts with a generic "Dear sir or madam" that's a warning sign that it might not really be your bank or shopping site.
  • Mismatched email domains - If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like Gmail.com, or microsoftsupport.ru it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like micros0ft.com where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and a "n". These are common tricks of scammers. 
  • Suspicious links or unexpected attachments - If you suspect that an email message is a scam, don't open any links or attachments that you see. Instead, hover your mouse over, but don't click, the link to see if the address matches the link that was typed in the message. In the following example, resting the mouse over the link reveals the real web address in the box with the yellow background. Note that the string of numbers looks nothing like the company's web address.

Cybercriminals can also tempt you to visit fake websites with other methods, such as text messages or phone calls. Sophisticated cybercriminals set up call centers to automatically dial or text numbers for potential targets. These messages will often include prompts to get you to enter a PIN number or some other type of personal information.


What to do if you received a phishing email
  1. Please avoid clicking any link or opening any attachment from a suspicious email. You can do your own research if the website on the email is a legitimate website by opening a different browser and searching for the company and its website. You may also call the company or the person who sent the email for verification.
  2. If you verified that it’s a phishing email, right click the email and send it to Junk so it will be blocked from your inbox
  3. If you keep receiving phishing emails from the same email address, please report it to SNET Support so we can permanently block the email address. You can forward or attach the phishing email to support@snetconnect.com and request it to get email/IP block. 


If you accidentally clicked the link from a phishing email or opened its attachment from the suspected email

Resolution
1. Immediately call SNET Support 773-321-1500 option 2 or send us an email request for a password reset to support@snetconnect.com
2. MSP Support recommendation is to not use the same password entered.
3. Forward the phishing email to support@snetconnect.com 
4. L1 tech must assign the ticket to MSP > Problem > Other Issues.
5. In the event credit card numbers is compromised to any phishing website, please call and report to the credit card company for a possible fraud.