Don’t Get Caught In The Phishing Net

Phishing isn’t just a tech term. It’s a real threat for your business. During the past few months, there have been several stories in the news about companies whose accounts were compromised due to phishing. And for every attack that’s publicized, there are many more that are undetected, unnoticed, or even completely ignored. This brings us to the big question: What the heck is phishing?

Phishing is the act of using legitimate-looking e-mails to get personal information, credentials, or something private from the recipient.

Recently, there have been some phishing e-mails relating to DreamHost floating around, so it’s a perfect time to offer a refresher course on how to spot a phish.

Phishing ranges from a blunt "Please respond to this e-mail with your username/password," through "Follow this link and log in to change your password," to the more polished example I'll share in this article.

Imagine getting an e-mail that looks like this:

[Screenshot 1: the phishing e-mail]

It looks legitimate, but I don't remember initiating anything tariff-related in my account, so let's follow the link to log in and see what they mean.

[Screenshot 2: the fake login page the link leads to]

Okie dokie, let's log in and see what the fuss is about. But, guess what, if you do that, it's too late: you've just been phished! If you didn't catch it, don't worry, we'll review it in depth.

Let's start where it began, with the e-mail. If you didn't notice the first time around, the "To:" field looks pretty odd: it isn't directed at your specific address. Some companies do that to keep recipients private when sending to a large list, but this doesn't look like any list name I've ever seen. The e-mail also addresses you as a generic "DreamHost client" instead of by name, whereas many companies (including us) greet customers by name.

Now, let’s take a look at the link. They were nice enough to write it all out for us in the e-mail, but where does it actually go?

[Screenshot 3: hovering over the link reveals its real destination in the status bar]

By hovering over the link, we can see its actual destination in the status bar at the very bottom of the window. Oh my, that doesn't look right at all! First, you should never log in to a web page served over plain HTTP instead of HTTPS: HTTP is an unencrypted connection, so anything you type, including your password, can be read or altered on the way to the server. Second, there's all sorts of gibberish after the dotcom that doesn't match the link text in the e-mail. Remember that the only part of an address that decides which site you are talking to is the hostname, between the "http://" and the first slash; everything after that slash can say anything the attacker likes. If that isn't a dead giveaway, just look at the real panel.dreamhost.com page.

[Screenshot 4: the real panel.dreamhost.com login page]

Compared to the page above, the favicon next to the page title matches the DreamHost logo and, most important, you can see the green lock icon in the URL bar, which indicates an HTTPS connection to our server. If you want to, you can click the lock to explore the certificate itself and check that it is valid and was issued for the domain you expect. On the phishing page, you'll see that there isn't an HTTPS connection and that all that gibberish is still present in the URL bar. One caveat: a lock alone doesn't make a site legitimate. Anyone can obtain a certificate for a domain they control, so a phishing page can show a lock too. The lock tells you that you are really talking to the domain shown in the address bar; it's still up to you to check that the domain is panel.dreamhost.com.
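To make the walk-through concrete, here is an added example (not code from the original post, nor anything DreamHost ships) that applies the same checks to a constructed phishing e-mail: the sender's domain, a "To:" that names no real recipient, a generic greeting, the visible link text versus the real href, HTTP instead of HTTPS, and a hostname that only looks like ours because the real domain is not at the end of it. The sender address, the group address and the phishing URL in the sample are made up, and the set of trusted domains is an assumption for this example.

```python
"""Added example, not code from the DreamHost post: apply the walk-through's
checks (sender domain, generic To: and greeting, displayed link vs real href,
HTTP vs HTTPS, unexpected host) to a constructed phishing e-mail."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: a genuine DreamHost e-mail is sent from, and
# links to, dreamhost.com or one of its subdomains and nothing else.
TRUSTED_DOMAINS = {"dreamhost.com"}

# Constructed sample modelled on the e-mail described in the post. The sender
# address, the To: group and the phishing URL are made up for this example.
RAW_MESSAGE = """\
From: DreamHost Support <support@dreamhost-billing.example>
To: undisclosed-recipients:;
Subject: Tariff change on your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear DreamHost client,</p>
<p>A tariff change is pending on your account. Please log in to review it:</p>
<p><a href="http://panel.dreamhost.com.example.net/~x/login.php?id=7f3a9c">https://panel.dreamhost.com/</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host):
    """True only for a trusted domain or a subdomain of it. Matching on the
    END of the hostname is what defeats 'panel.dreamhost.com.example.net'."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(href, text):
    """Warnings for one anchor: the checks from the hover-over step."""
    warnings = []
    if urlparse(href).scheme.lower() != "https":
        warnings.append(f"not https: {href}")
    if not is_trusted_host(host_of(href)):
        warnings.append(f"untrusted host {host_of(href)!r} in {href}")
    # Visible text that is itself a URL, but whose host differs from the real
    # destination, is exactly the trick the screenshots show.
    if "://" in text or text.startswith("www."):
        shown = host_of(text if "://" in text else "https://" + text)
        if shown != host_of(href):
            warnings.append(f"displayed URL {text!r} does not match real destination {href!r}")
    return warnings


def check_message(raw):
    """Run every check from the post over a raw RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []

    from_header = msg["From"]
    sender_domain = from_header.addresses[0].domain.lower() if from_header and from_header.addresses else ""
    if not is_trusted_host(sender_domain):
        warnings.append(f"sender domain {sender_domain!r} is not a trusted domain")

    to_header = msg["To"]
    if to_header is None or not to_header.addresses:
        warnings.append("To: header names no specific recipient (bulk/group address)")

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    if re.search(r"\bdear\s+(?:\w+\s+){0,2}(?:customer|client|user|member)\b", body, re.I):
        warnings.append("generic greeting instead of your name")

    parser = LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        warnings.extend(check_link(href, text))
    return warnings


if __name__ == "__main__":
    for w in check_message(RAW_MESSAGE):
        print("WARNING:", w)
```

Run as a script, it prints one warning per red flag in the sample; the point of `is_trusted_host` is that a hostname counts as ours only when the real domain is its suffix, so `panel.dreamhost.com.example.net` is rejected even though it starts with our name. The HTTPS check stays in because plain HTTP is always wrong for a login page, but passing it proves nothing on its own, for the reason given in the caveat above.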

Those are just a few simple steps to help combat phishing attempts. I’ve simplified the steps in a tl;dr:

tl;dr

1: Check that the sender is who they say they are. The display name is trivial to fake, so look at the actual address: if "some_random_email@not_your_bank.com" asks for your credit card information, it's probably not legitimate.

2: Check where the link goes. If it isn’t where you expected, don’t use it! Use a link from a source you trust – like from their website directly.

3: Never click on links in e-mails you suspect to be phishing. Some webpages can be harmful, even if you stop loading them before entering any information.

4: Never respond to an e-mail that asks for your credentials, even if it appears to come from someone you trust. Go the extra mile by asking them over text/voice/chat whether they sent it. There's a good chance that they didn't.