It’s phishing season, and no, we don’t mean a day on the water. Phishing is a cybercrime that snares all too many innocent people every year. We’ve seen and heard about some phishing attempts involving criminals who are using our email service provider, Rackspace, as their cover. Therefore, we thought we’d shed some light on the subject so that you are better prepared to see the hook and line before getting caught. Whether you’ve fallen victim to this cybercrime or not, continue reading to learn more about phishing and some tips for preventing an attack.
What Is Phishing?
Phishing is the fraudulent practice of sending emails under the guise of a reputable person/company to trick users into giving up their personal information. This could be information such as passwords or even credit card information.
A phishing scam will always require a click on your part. This click ultimately gives the scammer authorization to deal their damage. Think about it: if you do the clicking, your computer thinks that you have given authorization for this person to have access to your data.
When In Doubt…
If you receive an email that’s smelling a little phishy, the best thing to do is to not click on anything.
Keep in mind that these scammers can even use hidden links to get in. That is, the link you see may have a phishing link hidden behind it, placed there to sneak past you. Again, your computer will only see your click as you giving authorization, even if you didn’t know what you were clicking on.
Rule Of Thumb
As a general rule of thumb, make sure you know who you’re dealing with. If you don’t know or are suspicious of foul play, either ask someone or delete the email.
In some instances, the sender’s name looks to be someone that you trust, when it’s actually coming from a scammer. This is a phishing tactic called spoofing.
Always play it safe and verify the sender before interacting with an email. The easiest way to do this is to open the drop-down box for the sender and look at the email address itself. Oftentimes, a suspicious email will be coming from an email address that does not match the sender’s name.
Another general rule of thumb is to never click on a link in an email. Instead, create a habit of typing the link directly into your browser. We know it’s easier to just copy and paste, but a little extra work in the short run will help protect you in the long run.
Note in this phishing attempt that the email address does not match its sender’s name.
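The two checks described above, a link hidden behind different visible text and a sender name that does not match the email address, can also be run by a script. The following Python is an added example, not part of the original article; the brand-to-domain table, the sample sender and the sample link are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands you expect mail from, mapped to the domain they really send from.
KNOWN_BRANDS = {"rackspace": "rackspace.com"}

def sender_mismatch(from_header):
    """True when the display name claims a known brand but the address domain differs."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return any(brand in name.lower() and domain != real and not domain.endswith("." + real)
               for brand, real in KNOWN_BRANDS.items())

class LinkAudit(HTMLParser):
    """Collects links whose visible text shows one host while the href goes to another."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.hidden = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = self.text.strip()
        # Only compare when the visible text itself looks like a URL or hostname.
        if "." in shown and not any(c.isspace() for c in shown):
            shown_host = urlparse(shown if "://" in shown else "//" + shown).hostname
            if shown_host != urlparse(self.href).hostname:
                self.hidden.append((shown, self.href))
        self.href = None

def hidden_links(html):
    """Return (visible text, real destination) pairs for links that disagree."""
    audit = LinkAudit()
    audit.feed(html)
    return audit.hidden

# Constructed samples for illustration (not taken from a real phishing email).
SAMPLE_FROM = '"Rackspace Notification" <alerts@mail-update.example>'
SAMPLE_HTML = '<a href="http://login.mail-update.example/verify">https://www.rackspace.com/login</a>'

if __name__ == "__main__":
    print(sender_mismatch(SAMPLE_FROM), hidden_links(SAMPLE_HTML))
```

Links whose visible text is ordinary wording ("help page", "click here") are not flagged by the second check, so it complements rather than replaces reading the real destination before clicking.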
Reflected Cross-Site Scripting
Reflected cross-site scripting (XSS) is another technique that cybercriminals will use as part of a phishing scam. This is certainly a more advanced technique, so buckle up.
This specific XSS technique involves the criminal sending the victim a bad link that’s infected with malware. This is typically done via email or text message. But here’s the catch: the link itself is disguised as something more welcoming so that the user lets their guard down.
In using this infected link, victims unknowingly allow the perpetrator to gain access to their computer by visiting a seemingly harmless website.
The best way to prevent this kind of attack is vigilance. Specifically, be on the watch for emails from unknown senders, especially if they include an urgent call to action, so as to avoid clicking on suspicious links.
Rackspace: InsideOut’s Email Service Provider
InsideOut Solutions manages your email with Rackspace as our provider. Rackspace will never contact you. If there is ever any issue, they will contact us directly and we will reach out to you if necessary. If you ever receive an email from Rackspace that’s asking you to verify or update any information, delete it immediately.
Note here that while the sender’s name says “Rackspace Notification”, the actual email address is clearly not from Rackspace. Additionally, these phishing attempts are usually sent from a variety of email addresses that will include different messages to try to fool you into thinking that one of them is real.
We’ve Got Your Back!
If you have additional questions or are suspicious of a phishing attempt, please reach out. We’re here to help.