Don't Fall for a Phisher's Bait

Whoever said crime doesn’t pay apparently hadn’t heard of phishing—the hacking technique that targets a company’s e-mail system to steal personal information or lock it down in exchange for a ransom. According to the FBI, hackers made off with more than $675 million through “business e-mail compromise” in 2017.

Think your employer is too small to warrant a phishing expedition? Every type of business is a potential target of phishing attacks, the Securities and Exchange Commission said in a recent report. The fake e-mails don’t have to be sophisticated to do serious damage, either. All it takes is for one employee to respond to an offer of a free salted caramel latte to send a company’s computer network into a tailspin.To avoid being that employee, stay alert for signs that an e-mail may be coming from an unsavory source. Looking beyond the sender’s display name is the most effective way to identify a phisher, says Debraj Ghosh, head of Microsoft Security Product Marketing. Closely examine the user name and domain name, especially the spelling, Ghosh says. If you receive an e-mail from “@amazom.com,” for example, mark it as spam and move along.