I got a phishing email, now what?

We all get phishing emails. What you may not know is just how many phishing emails are sent out daily. Some research puts this number at 3 billion per day (3,000,000,000). As you can see, phishing remains one of the most useful tools in a cybercriminal’s arsenal.

I will not go into a deep dive about what phishing is and why phishing exists. This post is simply about what to do when you receive a phishing email.

  1. DO NOT CLICK ANY LINKS IN THE EMAIL.
  2. DO NOT “SHOW PICTURES” or “ALLOW REMOTE CONTENT”.
  3. Read the email to determine if it is fake (look for misspellings and incorrect information). If the email looks fake, 99% of the time it is.
  4. If you determined that the email is fake and you followed steps 1 and 2 above, then permanently delete the email and move on with your life (in Outlook this is Shift+Delete).

If you did not follow steps 1 and 2, the situation gets serious depending on how many things you clicked and what information you gave to the website you clicked on. If you clicked on anything, let us know ASAP so we can take appropriate action.

If you are unsure if the email is fake, pick up the phone and call the vendor you do business with to verify the information in the email. Do not reply to the email asking “Is this real?” If the email is from someone you don’t do business with, then it is obviously fake.

Please do not forward phishing emails to AllPro asking “Is this fake?” I don’t want phishing email in my staff’s mailbox. 75% of the time, we never get what you forwarded because our spam filter blocks them.

You are often waiting on a response from us that may never come. Delete the phishing email and move on with your life.

Here are some things to review when trying to determine if an e-mail is legitimate or not. If you can answer YES to any of these, chances are the message is spam.

Expectation

Is this email unexpected from the sender or company?

Sender

Is the sender or domain NOT trusted or recognized? (The domain is the text after the @ sign.)

Is the sender purportedly from a known company but is sending from a public e-mail domain like Gmail or Yahoo?

EX: amazon_support@gmail.com

Is the domain misspelled?

EX: sales@netflixx.com

Body Content

Does the e-mail contain frequent misspelled words, or is it poorly written?

Does the e-mail ask for a credit card number, social security number, or password?

Attachments

Did you receive an unexpected or unrecognized attachment labeled “Open Now” or claiming to be an “invoice”, etc.?

Urgency

Does the e-mail demand an immediate response or is marked as urgent?

Links

If you hover over the e-mail address or any link in the e-mail, does it point to a different address or otherwise look suspicious?

Admittedly, suspicious links are the hardest thing to spot (especially on mobile devices). Some spam filters actually change the link address to protect users from clicking on bad links. If you are unsure, simply do not click on a suspicious link!
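
The Sender and Links checks above can be partly automated on a saved message. The following Python is an added example, not part of the original post; the brand and public-domain lists, the 0.85 similarity threshold, and the host login.example.net are assumptions made for illustration, and message bodies are assumed not to be transfer-encoded.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for illustration; maintain your own in practice.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}
KNOWN_BRANDS = {"amazon": "amazon.com", "netflix": "netflix.com"}
# Constructed sample message (login.example.net is a placeholder host).
SAMPLE = ("From: Netflix Billing <sales@netflixx.com>\nContent-Type: text/html\n\n"
          '<p><a href="http://login.example.net/x">www.netflix.com</a></p>\n')

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Lower-cased hostname of a URL or bare host, without a leading "www.".
    name = urlparse(url if "//" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", name.lower())

def check_message(raw):
    """Sender and Links checklist flags for a raw message (body not transfer-decoded)."""
    msg = message_from_string(raw)
    local, _, domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    flags = []
    for brand, real in KNOWN_BRANDS.items():
        if domain in PUBLIC_DOMAINS and brand in local:
            flags.append("brand name on public e-mail domain")
        elif domain != real and SequenceMatcher(None, domain, real).ratio() >= 0.85:
            flags.append("sender domain resembles " + real)
    collector = LinkCollector()
    collector.feed("".join(p.get_payload() for p in msg.walk() if not p.is_multipart()))
    for href, text in collector.links:
        # Compare only when the visible text itself looks like a URL or hostname.
        if re.fullmatch(r"(https?://)?[\w.-]+\.\w+(/\S*)?", text) and host(text) != host(href):
            flags.append("link text shows %s but points to %s" % (host(text), host(href)))
    return flags
```

Because some spam filters rewrite link addresses, as noted above, a link-mismatch flag on filtered mail can be a false positive and should be read together with the sender checks.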

A few SPAM FAQs:

  • How did they get my email? A) There are thousands of ways. 99% of anything you ever submitted or filled out online is searchable. They often guess names. Hackers can easily send something to everycommonname@yourdomain.com and find 100 actual people at a company.
  • Why are they targeting me? A) Often you are not being directly targeted, they just want to see if you’ll take the bait.
  • I swear I did not click on the phishing email. I deleted it like you said. Now what? A) Nothing. If you did not click, Shift+Delete and move on with your life.
  • What protects my company from phishing and spam? A) The free spam filters are not that great (surprise, surprise). Ask us about our offensive security plan if you are interested in an upgrade in email security.
  • I have your Offensive security plan and still get spam. A) Nothing will stop 100% of spam. I get a call each week from clients asking me to reduce their security by lowering the spam filter to allow more mail through because “Too Much Goes to Spam”. We can increase the spam filtering to catch more spam, just know it will catch more ham as well.