Insights from Orion Group

Phishing: Don’t Get Caught!

A phishing email is an attempt to acquire sensitive information, such as credit card details or login information, for malicious reasons by pretending to be a trustworthy source. Phishing is a social engineering technique that deceives users while exploiting the poor usability of current web security technologies. A phishing email message is a form of attack that tries to compel the user to expose information that the hacker can use to gain unauthorized access to system data for the purpose of committing fraud.

While today’s system tools, when applied as an email filter, can flag phishing emails as potentially dangerous, end user education continues to play a critical role in responding to this increasingly persistent attack vector.

As an email user, how do you protect yourself from falling victim to a phishing attack? First, consider each and every email message you receive with a skeptical eye. Be on the lookout. Don’t blindly respond to messages without considering the source and your response. Next, take a close look at the email’s “from:” address. An email address consists of a localpart, the “@” symbol, and a domain name. An example is Look very closely at the domain name. If your email application only displays the localpart, you can sometimes hover over or right-click on the localpart to reveal the whole email address. Make sure the domain name is consistent with the sender’s domain.
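For administrators who want to automate the “from:” check described above, the following is an added example, not code from Orion Group. It splits a From: value into display name, localpart and domain, then compares the domain with a list of expected sender domains, including near-miss spellings; the function names, the trusted list and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation expects mail from (reserved example names).
TRUSTED_DOMAINS = {"example.com"}

def split_address(from_header):
    """Split a From: value into (display name, localpart, domain)."""
    display, addr = parseaddr(from_header)
    localpart, at, domain = addr.rpartition("@")
    if not at:
        return display, addr, ""
    return display, localpart, domain.lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'unknown' or 'malformed' for a From: value."""
    _, localpart, domain = split_address(from_header)
    if not localpart or not domain:
        return "malformed"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        # Trusted name buried inside another domain, or one or two characters off.
        if good.split(".")[0] in domain or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Pat Lee" <pat.lee@example.com>',
    '"Pat Lee" <pat.lee@examp1e.com>',
    '"Pat Lee" <pat.lee@example.com.mail-login.test>',
    '"Pat Lee" <pat.lee@mailservice.test>',
    "pat.lee",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10} {header}")
```

A “lookalike” or “unknown” result is a prompt to verify the sender through a separate channel, not proof that a message is malicious.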

Oftentimes, phishing attacks originate from countries where English is not the first language. Consequently, the English in these messages is often poorly written. Be wary of messages with poor grammar or spelling, such as ‘You Must Valid Your account for continue.’


Also, anytime the sending entity requires or demands that you reply with confidential system information such as a username and password, PIN, social security number, etc., be extremely cautious. If you think the email is a valid request, look up the sender’s voice contact information separately from the email and call to verify the request. Legitimate senders are usually extremely aware of phishing scams and consequently will never ask you to reveal confidential information in this fashion.

Finally, scammers are getting more sophisticated every day. The ease and relative anonymity of the internet make it easy to send out millions of phishing emails, and tricking even a few recipients brings a significant reward. A recent customer (company controller) received an email from her boss, the CEO, requesting that she immediately wire a sizeable chunk of money to a bank account she’d never used. Because of her education, red flags went up and she contacted our support staff to review the email message content. We were able to quickly deduce that it was a phishing scam meant to steal company funds. Her diligence and education saved her company big bucks and personal embarrassment. Don’t let a scammer get the best of you. Be diligent!
