Phishing is malicious emails used to target companies or individuals in order to access data. They include links or documents to click on that causes you to download a payload. The payload gives a hacker access to your system and your network. Hackers use phishing emails because it’s easy to reach many people with one email. They have a high success rate. There are a few different kinds of phishing emails.
- Spear phishing—on one individual
- Whaling—used for high up levels in the company
- Smishing –texting phishing attacks
- Vishing – phone call trying to steal your data—posing as the IRS
- Angular phishing –using social media platforms to steal data
A way for you to protect yourself from phishing emails is to understand how to identify an email that may be phishing.
- The sender is someone you don’t know
- The email has urgency
- Includes grammar/spelling mistakes
- Asks for personal information
- Links to websites
- Greeting is generic
In the time of COVID-19, there are increased phishing attempts. Please be wary of any emails referring to the following as it may be a phishing email:
- Stimulus checks
- COVID-19 vaccines
- Email from CDC
- Verify personal info
- Updating the COVID-19 status
A free resource to check if an email may be a phishing attack is virustotal.com. If you want to learn more about how to secure your environment, please reach out to us at firstname.lastname@example.org.