
How to Avoid Social Engineering & Phishing Attacks

When you think about cybersecurity, you think about defending your business and personal information against hackers who use vulnerabilities in technology to attack data networks. However, another way into an organization’s network involves taking advantage of human weakness. This is known as social engineering.

What is a Social Engineering Attack?

In a social engineering attack, an attacker uses human interaction to obtain or compromise information about an organization or its network systems. The attacker may seem unassuming and respectable, possibly claiming to be a new employee or vendor and even offering credentials to support that identity. However, by asking questions, the attacker will try to gather enough information to infiltrate an organization’s network. The attacker can also use information collected from one source to contact another source within the same organization and rely on the data from the first source to add to their credibility.

What is a Phishing Attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send an email that appears to come from a reputable credit card company or financial institution and requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as natural disasters, epidemics/pandemics, economic concerns, major political elections, and holidays.

What are Common Indicators of Phishing Attempts?

Suspicious Sender’s Address

The sender’s address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters.

Generic Greetings and Signature

Both a generic greeting—such as “Dear Valued Customer” or “Sir/Ma’am”—and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address you by name and provide their contact information.

Spoofed Hyperlinks and Websites

Hover your cursor over any links in the body of the email. If the address that appears when hovering does not match the link text, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain. Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
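The sender-address and hyperlink indicators described above can be checked mechanically. The following is an added example, not part of the original article and not GTS PhishGuard's code; the trusted-domain list, the shortener list, the 0.85 similarity cutoff and the sample message are all assumptions made up for illustration.

```python
import re
from difflib import get_close_matches
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["bank.example", "payroll.example"]    # assumed allow-list
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}   # assumed, not exhaustive
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

def host(value):
    """Lower-cased hostname of a URL or bare domain, without a leading www."""
    parsed = urlparse(value if "://" in value else "//" + value)
    return re.sub(r"^www\.", "", parsed.hostname or "")

class Links(HTMLParser):   # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(sender, html_body):
    """Return (indicator, observed, detail) tuples for one message."""
    findings = []
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    if domain not in TRUSTED:   # a near miss of a trusted name is a lookalike
        for good in get_close_matches(domain, TRUSTED, n=1, cutoff=0.85):
            findings.append(("lookalike-sender", domain, good))
    parser = Links()
    parser.feed(html_body)
    for href, text in parser.links:
        if host(href) in SHORTENERS:   # the real destination is hidden
            findings.append(("shortened-link", href, text))
        elif URLISH.fullmatch(text) and host(text) != host(href):
            findings.append(("text-href-mismatch", text, host(href)))
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = "Bank Support <alerts@bamk.example>"
SAMPLE_HTML = ('Dear Valued Customer, <a href="http://bank.example.login-check.test/verify">'
               'www.bank.example</a> or <a href="https://bit.ly/EXAMPLE">view your statement</a>')
```

The text/href comparison only fires when the visible link text is itself a URL or domain; a link labelled "Click here" needs the hover check or a reputation lookup instead.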

Spelling and Layout

Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify, and proofread customer correspondence.

Suspicious Attachments

An unsolicited email requesting a user download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.

How Can GTS PhishGuard Help Protect Against Phishing Attacks?

GTS PhishGuard offers protection from phishing scams and integrates directly with Office 365. This means that you can arm your inbox against phishing scams without ever leaving Outlook. The GTS PhishGuard service is not a spam filter but rather an ultra-focused program that targets phishing scams, going so far as to pull emails out of your team’s inboxes if a message is identified as a threat. Our program scans text, links, and sending and forwarding addresses in your emails to identify anything that seems “phishy.” Then it calls them directly to your attention with built-in warning ribbons. Plus, when GTS PhishGuard has identified a fake email address, or you’ve received a message that doesn’t quite look right to you, you can flag the message as suspicious and send it to our experts at GTS for review with a single button click. If we think it’s a threat, it’ll be logged and documented in GTS PhishGuard, and automatically removed from your inbox and the inbox of every other member of your team. In addition, GTS PhishGuard gives you access to a worldwide database of community-added threats. This means that when an email arrives in your inbox, our service automatically runs it past a global database of documented threats. If a match is found, it will identify the message as a phishing scam and pull it from your inbox before it ever threatens your team or your business.

Contact us today at (904) 606-6011 or email info@helpgts.com to learn more about GTS PhishGuard, phishing protection, and other security offers from Grand Technology Solutions. We’re ready to help you keep your business and personal data protected!

Author

Paul May