Recognize and avoid phishing scams
the Helm Connected team
December 1, 2023
What is phishing?
Phishing is a common cybersecurity threat that uses fraudulent email, text, or direct messages. Attackers pose as legitimate organizations to install ransomware or steal sensitive information like passwords, bank account numbers, and credit card details.
How to spot phishing
Check the sender
Review the name and address of the sender to ensure it is professional. For example, a reputable bank will not email you from a gmail.com email address.
Review the message
Does the communication request your personal information, have a sense of urgency, make an offer that is too good to be true, use a generic greeting, or come from a company you don’t work with? These oddities usually add up to a scam.
Look for spelling, grammatical, and formatting mistakes
Misspellings, skewed logo images, and off-brand formatting can indicate the communication has been produced by an attacker. Multiple or glaring mistakes are a common sign of a scam email rather than a legitimate communication.
Check for suspicious links and attachments
The scammer’s goal is to get you to their website to collect your data or install malware on your device. Inspect a link's destination by hovering over it on your computer or doing a “long press” on your phone so you can look for misspellings or nonstandard formatting without clicking the link. For example, acmesecurity.com is not the same as acme.securitycom.
What should you do with phishing attempts? Click Report phishing in Gmail or Outlook or delete the email.
What to do if you’ve fallen for a phishing scam
- Change your passwords. At the very least, change the password of the site you thought you were visiting but if you use the same password on other sites, change those too.
- Run a malware scan. Ensure your antivirus/antimalware software is updated before scanning or contact your IT team.
Still concerned about phishing? Talk to Helm Connected about additional layers of protection with threat filtering, multi-factor authentication (2FA), backups, and security awareness training for your team.