How to Recognize and Avoid Phishing Emails

Working remotely during the COVID-19 crisis has been a lifesaver to many, including our own Whidbey Telecom employees. But that online work also brings with it some new security threats.

The FTC reports a significant increase in email scams and phishing attacks since the start of the COVID-19 pandemic. Scammers promise everything from miracle treatments, to work-from-home schemes, to “bargains” on in-demand products. Cyber criminals are also targeting remote work technologies, such as video conferencing services. A remote worker’s home network is likely to be less secure than their company server.

When the Stay At Home order came down, many employers had to hustle to make secure equipment available to their employees very quickly. Many home users have off-the-shelf wireless routers, which are easier to hack than more expensive business-grade routers. In addition, the personal computers people use at home tend to be old. Their operating systems may not be up-to-date with the latest security patches.

Risks are compounded by the fact that the pandemic has people on edge, making them more vulnerable to fall for a scam. Remote employees are dealing with the added stress of childcare and home-schooling on top of an already heavy workload.

How Phishing Works

Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. They often look to be official communication from legitimate companies or individuals.

We are seeing an increase in phishing attacks as more companies roll out new technology and collaboration tools to their employees. Scammers will pretend to be an employee and ask for access to shared drives or sites. Like this:

These emails are very convincing, some going so far as to include the company’s logo or mailing address. The phishing site typically mimics sign-in pages that require users to input login credentials and account information. The fake site then captures the sensitive information as soon as the user provides it, giving the attackers access.

Phishing emails can be very effective. Attackers will often use them to distribute ransomware through links or attachments in emails. When run, the ransomware encrypts files and displays a ransom note demanding you pay a sum of money to access your files.

What to Look For

We recently became aware of an email phishing scheme targeting Whidbey Telecom customers. Customers reported a fraudulent email that appeared to be from “Whidbey Telecom Webmail.” This scam email tells customers they have to upgrade or their email service will be discontinued.

While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be.

Phishing emails will try to trick you into clicking on a link or opening an attachment. They’ll say they’ve noticed some suspicious activity or log-in attempts on your account. Or claim there’s a problem with your account or your payment information.

Stop and look over your emails carefully before clicking on anything. Some things to look for are awkward phrasing, misspellings, or grammatical errors. You can check links and verify the sender’s email address by hovering your mouse over them.

Most importantly, trust your instincts. If it doesn’t seem right, it probably isn’t.

What to Do

If you get an email that asks you to click on a link or open an attachment, answer this question. Do I have an account with the company or know the person that contacted me?

If the answer is “No,” it could be a phishing scam. Go back and look for signs of a phishing scam. If you see them, delete the message. Do not click on any links or open any attachments.

If the answer is “Yes,” contact the company using a phone number or website you know is real, not the information in the email.

When in doubt, feel free to contact your Whidbey Telecom Support Team at 360-321-TECH (8324) or email support@whidbey.net.