Ripple's Humans First IT Blog

Gone Phishing

Written by Mike Landman | Oct 23, 2018

How to educate your team and avoid embarrassment

What is Phishing?

Email Phishing is when someone pretends to be someone they’re not through a misleading email scam. For example, a common example would be a message seemingly from your CEO requesting you send her money via iTunes gift cards or a wire transfer.

So what should I look out for?

  • A message seemingly from your CEO requesting money
  • A message from someone you know sent from an unfamiliar or suspicious domain (e.g. FirstName_LastName@xyzyourdomain.com)
  • A well branded email message from a provider (e.g. Dropbox or Microsoft) suggesting the need to click on a link to reset a password.
  • Unusually poor grammar.

What if I clicked anyway?

  • The bad guys don’t have anything till you fill out the info. They’re just leading you to their portal -which, by use of wasted talent, could be very difficult to mistake as an imposter.
  • Send the email and explain everything to your IT Provider

What if I clicked anyway and filled out the info?

  • Contact your IT Provider immediately. If acted on quick enough, there’s a tiny chance they can change your password or even put a stop to the nefarious actions

How do I protect myself?

  • If you get a request to pay any dollar amount over email, call your colleague to verify. 
  • Double check the sending address. It’s likely your CEO wouldn’t send you an urgent message from an @aol, @outlook, @gmail or @xyz<YourDomain>.
  • Microsoft rarely sends non IT Admins suspicious login attempts. Even if it looks real, reach out to your IT Support Specialist.
  • If you see anything suspicious, contact your IT Provider. They can verify the sending address or links associated with the message. 

Current News on Phishing:

On Feb, 2019, the team at myki recently uncovered a scam that mimics a standard prompt for website visitors to log in with a social account (e.g. Facebook). “Upon selecting a login method, an imposter login prompt is presented. The user can interact with it, drag it and dismiss it the same way they would a legitimate prompt.” This is a phishing scam that can fool even the most vigilant security-minded people. “The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.” – Antoine Vincent Jebara, myki Co-Founder & CEO

Other sources on Phishing: