Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Stephen Jones
Table of content
Phishing attacks have been around for quite some time, with some experts estimating the first attack may have happened in the mid-1990s back in the heyday of AOL.
However, gone are the days when doing a scan for bad grammar was enough to determine if an email was malicious. As threat actors turn to AI to quickly generate authentic, convincing text for use in phishing emails and texts, end-users need to be ever vigilant before they click a link and fall down the phishing rabbit hole.
It’s not just the email text that’s elevated in sophistication, either. Earlier this year, our cyber team encountered an incident where a malicious actor cloned an organization’s single sign-on to look identical to the real version. Attackers are increasingly using curated, well-designed landing pages to mimic sign-on pages and obtain an end user’s credentials directly, going so far as to recreate an MFA authenticator page to gain full access to an account. Below, you’ll find an example of a curated, well-designed landing page provided by the University of Minnesota.
Don’t let your organization be a victim to phishing. Below are some of the red flags that end-users can identify to help determine if they are being phished:
Phishing attacks start with emails and text messages that appear legitimate. They may come “from” a colleague or mimic the appearance of an official email. With organizations moving towards hybrid and remote models, less face-to-face interaction with colleagues could lead to employees falling susceptible to phishing.
To distinguish between genuine and fraudulent messages, scrutinize the email closely. Look for grammar and spelling errors, unusual greetings, or suspicious requests for sensitive information. Remember, reputable organizations will never ask for personal details or login credentials via email. If something feels off, trust your instincts and verify the authenticity by contacting the organization directly.
Phishers frequently employ tactics designed to incite panic and urgency for the end-user, such as threatening to close down an account if proper action isn’t taken or an urgent request to review an invoice or document. They may create a false sense of impending consequences if you fail to act immediately. However, don’t let your emotions cloud your judgment. Take a step back, evaluate the situation objectively, and consider whether the urgency aligns with normal business practices. Legitimate entities will never pressure you into providing personal information hastily or making reckless decisions.
One of the telltale signs of a phishing attempt is misleading URLs and links. Hover over links before clicking on them to reveal the actual destination. Check for misspellings or alterations in the website address that may indicate a fake webpage. Always verify that the website has a secure connection by ensuring the URL starts with “https://” and displays a padlock icon. When in doubt, navigate to the website directly rather than relying on provided links. This includes reviewing the following:
The same vigilance you use for links should also be used for attachments. If an attachment looks suspicious or if you weren’t expecting a document from the sender, exercise caution and do not open it.
Phishers often ask for sensitive information that goes beyond what’s typically required. Be cautious if an email or website prompts you to provide personal details such as Social Security numbers, passport information, or banking credentials without a valid reason. Legitimate organizations follow strict protocols to protect your data and will only request necessary information. If uncertain, contact the organization through official channels to verify the authenticity of the request.
If something feels off, always triple-check. Phishers employ various techniques to deceive and manipulate, but your intuition can often detect something amiss. If an email raises doubts or feels too good to be true, exercise caution and take extra measures to verify its legitimacy. It’s better to err on the side of caution than to fall victim to a phishing attack.
Phishing attacks continue to evolve, posing an ever-present threat in our increasingly digital lives. By familiarizing yourself with common indicators of phishing attempts, you empower yourself to recognize and avoid potential risks. Remember to maintain a vigilant mindset, question suspicious emails, scrutinize URLs, and trust your instincts. Together, we can combat cyber threats and create a safer online environment.
Stephen Jones is VP of Cybersecurity at Dataprise. Learn more about him here.
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.