The Phish Comes on Friday

A new phishing trick has been discovered. It sheds light on how phishing succeeds despite the strict email filtering and scanning a message goes through before it reaches your inbox. While it may be more of a social discovery than a technical one, knowing about it will still help keep you from losing important information or compromising your system. The end user is still the weakest link in network security. Educating yourself and your employees is an important step toward defeating phishing attempts.

It all starts with a harmless URL, a simple and safe-sounding link that doesn’t do anything. It gets embedded into the email like a normal link, and when the email is scanned, it comes back as non-phishing. This email is usually sent on Friday or early Monday. Then, once it passes the initial antivirus scan, the “phisherman” changes the link’s destination to a website full of malware or falsified information forms. These pages look like they are on a legitimate website but are really attempts to download malware or get passwords and confidential information.

This information was discovered by Websense. Read their full report.

Even the best email security can let some phishing attempts slip through the cracks. It’s important to keep a keen eye on every link you click, especially on Fridays and on Monday mornings. The ‘bad guys’ are counting on you to be more relaxed and less cautious in anticipation of the weekend, or while you are still getting back into the work mindset on Monday morning.

Some tips to avoid being “phished”:

Don’t be afraid to ask questions. If you are suspicious of the e-mail, call the sender on the phone or delete the e-mail.

Any emails or popups regarding “Security” should be questioned. Scammers know that word is a trigger for most people and use fear to get what they want from you.

Be wary of links. Mouse-over embedded links and make sure the popup shows a link address that matches where the email says it’s taking you. If you’re not sure, don’t click.

Be wary of attachments, especially from strangers. However, scammers can (and do) use personalized information to appear as though their spam is from someone you know and trust.

Use an e-mail scanning system to do the heavy lifting. While it may not be perfect, it will take out a lot of guesswork.

AtNetPlus offers free training to help you educate your employees about phishing. Toss us a line and we’ll be happy to talk to you about scheduling an on-site session.