SandStorm IT

Power On

  • Services
    • Managed IT Services
    • Servers & Networks
    • Business Computers & Support
    • Cloud Services & Data Backup
    • Custom Software Development
    • VoIP Telephone Solutions
    • Custom Web Design
    • Disaster Recovery Solutions
    • Security & Compliance
    • IT Consulting
  • Technologies
  • Pricing
  • Work
  • About
    • Our History
    • Our Team
    • Careers
    • Press
  • Blog
  • Contact
    • (901) 475-0275
  • Help Me

Don’t Get Phished!

October 7, 2019 By Doyle Sanders

There has been a lot of local news and buzz lately about phishing activities and not the ones where you catch dinner! Emails, websites, and even telephone calls can be phishing expeditions by the less than trustworthy.  We’ve all heard of folks hit by identity theft.  And, yes, sometimes that comes from hackers and the unsavory entities stealing personal information from companies where we’ve provided our names, addresses, credit cards, and other personal information doing business with them.  Maybe the information wasn’t handled and protected properly and that’s why it got into the hands of the wrong people.  Maybe it was someone “on the inside” who took advantage of authorized access to do unauthorized things with the information.  Maybe it was someone who got phished!
 

So what is “phishing” and why do you care?

 

According to Wikipedia, “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.  The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.”

 

So, in plainer language, Phishing is giving you something you think you want or need (an email or website) to convince you to give the “phisher” your sensitive information.

 

Most people think, “I’d never fall for this type of trap!”  Think again!  It happens daily, to people from all walks of life.  How many times has someone called or emailed you asking you to click on a link to a website and fill out some forms or give them some information over the phone to verify or confirm an appointment or some similar request?  How do you know it was a legitimate representative of the company, organization, or agency you thought it was?  Now, the fraudsters are even getting slicker, just asking you a question on the telephone where you will answer, “Yes” and then they record your answer and associate it with a question or request for services you didn’t even agree to or know about.


 

So What Should You Do?

 

There are several “best” practices to follow:

  • If you don’t recognize who an email is from, DON’T OPEN IT!!  Opening an email can allow a virus to launch on your system.  Opening the email actually gives it permission to execute some payload or executable contained in the email.
  • DON’T OPEN the email!  Remember, DON’T OPEN THE EMAIL if you don’t know or recognize who it came from.
  • If you open an email and it looks legitimate but has an unusual sense or seems odd, call the sender or send a separate email to the sender to inquire about the legitimacy of it.  Anyone you contact should respect your caution.
  • NEVER, EVER respond to emails with your personal, private, identifiable information, e.g., your social security number, bank account number, credit card numbers, and the like.  There have been numerous examples where emails that appeared legitimate requested such information to verify or validate your account.  NEVER, EVER give that information in response to an email that you are not 100% sure is legitimate and from the actual person or organization.
  • If you ever did open and respond to an email such as this, and it directs you to a website to login or enter personal information, always look at the url (the website address) in the browser.  If you plan to enter personal information, always make sure the website is secure and encrypted.  First, ensure it uses SSL (secure sockets layer) encryption.  You can tell this by the url — it should begin with “https:” — NOTE the “s”.  This indicates SSL encryption. For a more in-depth explanination, check out our post “Why is HTTPS:// so important?“. Second, look at the actual url value and be absolutely certain that it is the domain of the legitimate entity and sender.  For instance, if the original email was sent by someone@newcompany.com, you should expect the url of the website to begin with “https://www.newcompany.com/” or “https://newcompany.com/” with some additional values after that.  If that’s not the case, DO NOT enter any personal information in this site unless you contact the company or organization yourself and verify the authenticity of the email, the request, and the website.

 

Anyone can pretend to be anyone on the Internet, especially with emails.  Remember that these dishonest people cannot magically do anything to you or your computer without getting you to do something to “give them permission”.  Always be cautious and, when in doubt, DON’T! If you ever suspect you’re being phished, give the IT experts at SandStorm IT a call at 901-476-0275.

Related Posts

  • Why is phishing still the most common cyber-attack?
  • Why is HTTPS so important?
  • Why is Patch Management Important For Cyber Security?
  • Why is a mobile-friendly website important?
  • Phishing: How to Avoid Phishing Scams

Categories: Business, Cybersecurity, Email Software and Applications, Social Engineering/Phishing

Subscribe to Our Newsletter

Check your inbox or spam folder now to confirm your subscription.

SANDSTORM IT BLOG

Featured
News
Press Releases
SandStorm News
Security Alerts & Vulnerabilities
Managed Services
Managed Anti-Virus/Anti-Malware
Managed Backups & Monitoring
Updates/Patches
Passwords
Cybersecurity
Spyware/Malware/Viruses
Social Engineering/Phishing
Ransomware
Data Breaches/Leaks
Other
Servers
Server & Server Hardware
Cloud/Serverless Computing
Server Operating Systems
Networking
Wired Networking
Wireless/Wi-Fi
Internet of Things (IoT)
5G & Mobile Networking
Business
General Business
Enterprise Resource Planning (ERP)
Voice & Telephony
Backups & Business Continuity
On-Site Backups
Cloud Backups
DR/BCM Planning & Consulting
Personal Computing
Tips/Tricks/Shortcuts
Troubleshooting
Hardware & Peripherals
Desktop Operating Systems
Software & Applications
Office Applications
Desktop Software
Email Software and Applications

Authors

Authors
Doyle Sanders
Jake Sanders
Jordan Sanders
Justin Oliver
Matt Ballard
Robert Cleveland
Cristian Colón
Jacob Ellis
Jeff Fowler
Miker Irick
Curtis Mayo
Josh Restuccio
Lindsey Sanders
Matthew Stafford
Josh Yarbrough

Give Us a Call

(901) 475-0275
61 Atoka-McLaughlin Dr.
Atoka, TN 38004

About SandStorm IT

SandStorm IT is a team of committed professionals who are dedicated and excited to solve your technology needs.  We accomplish this through understanding your business and then applying the appropriate technology solutions to meet the needs.

Our breadth of experience with information technology covers a range of diverse skill sets such as server setup and configuration, network and firewall solutions, VoIP telephone systems, web and database hosting, custom web application programming, mobile development, and IT security practices and policies.

SandStorm IT has the desire, expertise, and commitment to bring your vision to life.

  • Services
  • Technologies
  • Pricing
  • Work
  • About
  • Blog
  • Contact
  • Help Me
Authorized Solution Provider