Phishing has become increasingly popular. It’s a practice in which hackers impersonate a legit company to get your personal information. When one of our clients had a phishing situation, we asked her to send it to us so we could do a video. You can watch the video above or read our tips below for how you can tell if you’re being phished:
1) The ‘from’ email is not legit. In general, scammers are lazy. So if you notice your Microsoft email is from firstname.lastname@example.org, that’s weird. (Yes, people can pretend to email from a legit-seeming email address too. If you want to see if someone could be spoofing your domain, check out https://senderscore.org/.)
2) Check out the spelling, grammar, and design. Nonsensical sentences, spelling errors, and the company logo seemingly slapped into place are all dead giveaways that you are dealing with a lazy scammer.
3) The links go to weird places. If you hover over the buttons or links, you’ll see they don’t seem to go to a company website. Ex: in a LinkedIn phishing scheme, that ‘cancel password reset’ button might link to www.linked-in-password-reset-cancel.org. There’s no need to click on these links; you can see where they go on the hover. (Clicking on links you don’t know may result in having things downloaded to your computer or worse.)
4) The action seems illogical. For example, if Microsoft 365 was going to do anything, they would make everyone a) reset their password on the Microsoft website or b) tell everyone that their password had been reset (and maybe what it is temporarily). Why would I have to go to the website to put in my existing password… you know, unless they wanted to know my password. (Note: from a company standpoint, most of us with websites have no idea what your password is. This is for your privacy. All we can do if you forget your password is help you reset it.)
So don’t get phished! Add filtering to your email and be critical of emails like this that could sneak their way through.