From Wipfli CPAs and Consultants
Beware of Phishing
Phishing is one of the most commonly used attacks against users. By way of e-mail, those with malicious intent will contact unsuspecting persons, asking them to click a link or download a file. Generally, the end goal is to infect the user’s computer with malware or get them to submit important personal information.
What can you do?
First, understand that “spam” and “junk” filters do not catch all malicious e-mails. Second, know what signs to look for in a phishing e-mail. The vast majority of phishing attempts are fairly easy to recognize and avoid. Here are a few aspects of phishing e-mails that can help you recognize their true nature:
- Look at the “from” address. Be sure you recognize it. Then take a second look at the domain name (that’s the name after the “@” symbol). Make sure it’s spelled correctly. At the office, an internal e-mail from your coworker would display only his or her name. If it also shows the full e-mail address, it came from the outside.
- Look for a “reply” address that matches the “from” address.
- Check that the message is well composed with the grammar and spelling you would expect from the sender, whether it’s your boss, your brother, or your bank.
- If there is a link in the e-mail, does it match the destination? By hovering your mouse over the link (without clicking on it), your e-mail application will show its actual destination. Again, take a second look at the domain. Be sure it is a domain you would expect. Misspelling a domain is a very common tactic (microsft.com vs. microsoft.com). At a glance, they look the same, but one will take you to Microsoft, and the other will take you somewhere you don’t want to go.
- Does the e-mail ask you for personal information? Most organizations would never ask for personal information in an e-mail or ask you to “reconfirm” your password and account information.
- Trust your gut! If something doesn’t seem right, it probably isn’t. If you are not sure and are worried that there is something urgent that needs your attention, then contact that company/organization as you normally would. Never use the e-mail links or any information from a suspected phishing e-mail (including the phone number!).
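For anyone who screens reported messages, the “from”, “reply” and link checks in the list above can be automated. The Python below is an added example, not part of the original Wipfli article; the trusted-domain list, the 0.85 similarity threshold, the function names and the sample message are assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com"}  # assumption: domains you expect mail and links from

def base_domain(value):
    """Last two labels of the host in an address or URL (simplified: ignores co.uk-style suffixes)."""
    host = urlsplit(value if "://" in value else "//" + value.strip()).hostname or ""
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return warnings for a single-part HTML message given as text."""
    msg, warnings = message_from_string(raw), []
    sender, reply = (parseaddr(msg.get(h, ""))[1].lower() for h in ("From", "Reply-To"))
    if reply and reply != sender:
        warnings.append(f"reply-to {reply} differs from sender {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    domains = {base_domain(sender)}
    for text, href in collector.links:
        domains.add(base_domain(href))
        if "." in text and " " not in text and base_domain(text) != base_domain(href):
            warnings.append(f"link shows {text} but goes to {base_domain(href)}")
    for dom in sorted(domains - TRUSTED):  # near-miss spellings of a trusted domain
        warnings += [f"{dom} looks like {good} but is not" for good in sorted(TRUSTED)
                     if difflib.SequenceMatcher(None, dom, good).ratio() >= 0.85]
    return warnings

SAMPLE = ('From: "Account Team" <security@microsft.com>\n'  # constructed message
          'Reply-To: help@mail-collect.example\n\n'
          '<a href="http://login.microsft.com/verify">www.microsoft.com</a>\n')
```

Calling check_message(SAMPLE) returns one warning for each of the three signs: the mismatched reply address, the link whose visible text differs from its destination, and the misspelled domain.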
Understand that e-mail phishing works on unsuspecting people every day. Even e-mails that seem farfetched (“Send me $100,000 so I can give you my inheritance”) work all the time, but those aren’t the only e-mails that get sent. There are often crafty and well-constructed e-mails that require a close look to notice they are malicious. So take that second look and check before you click, download, or enter your information.