Phishing Vs. Spoofing: What's The Difference?

1st Secure IT data loss prevention cyber and IT security services risk management protection firm

Phishing and spoofing are no longer a threat that is limited to aunts who cover their Facebook walls in wine memes and grandfathers that type in all caps and send chain emails.

They’ve evolved to become a legitimate threat to your entire staff and can grievously compromise the security of your company and your clients. Because of this it’s a good idea to hire on an IT security company to protect yourself against these threats.

For now, enjoy this handy guide to better understand what phishing and spoofing are, and how you can protect yourself from them.

What is Spoofing?

Phishing and spoofing are often mixed up. To keep things simple, let’s start with spoofing.

This is a technique used by crooks where an email is received that claims to be from a trusted individual or institution.

Sometimes it comes from a trusted, verified email account that has been hacked, or it comes from a fake account that seems to be from a respected company.

This email encourages a person to click on a link that generally downloads malware, a Trojan virus, or something else malicious that can cripple your network, and infect your clients.

What is Phishing?

Now, phishing is like spoofing in that it often comes from emails, but these emails contain forms, or links to forms.

These forms look very official, but are in reality, used by criminals for nefarious purposes.

They ask for everything from banking information, to passwords for online accounts. It only takes a few pieces of data to do anything from identity theft, to emptying your corporate accounts.

Take care of your information | 1st Secure IT data loss prevention cyber and IT security services risk management protection firm

How to Recognize a Phishing Or Spoofing Scam?

These scams are often extremely convincing, using stolen graphics from official companies, or even using hacked accounts of trusted professionals.

Always go with your gut. If your accountant sends you an email asking you to download a document with a weird name and weird format that is making you uncomfortable, call their office, and make sure it’s legitimate.

Scammers will often purchase domain names that are slight corruptions of domains used by trusted companies like stores, or banks. Copy and paste this into a separate document and compare it to the URL used by these companies normally.

These crooks will even go so far as to register a normal domain name but with a different ending such as .RU or .JP. Russia and Japan are often where these scam domains are registered, so unless you are doing business with banks in those countries, it’s a scam.

The same goes for their email addresses. They will often register a normal Gmail or Hotmail account with a name like Apple Support or Microsoft Support, or VISA Customer Service, but if you right click the name you will see the actual registered email address. Usually it is a nonsense name

In emails, keep your eyes peeled for broken or bad English. These scams are often orchestrated by people who learned English as a second language. This often leads to poorly written messages.

Be wary of demands of urgent action or demands for quick payment in the form of a bank transfer, or electronic currency. If a normal, legitimate institution, like a bank, or the IRS, needs payment, they send requests through registered mail.

Lastly, if the URL starts with http: and not https: then that means that the site you are using is not secured with TLS, which is a guarantee that you are dealing with a scam.

Contact 1st Secure IT

An IT security company like 1st Secure IT can help protect you, your staff, and your customers from phishing and spoofing.

Give us a call to keep safe, especially if you just responded to an email from a Nigerian prince, or a foreign business official informing you of a massive inheritance.

1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Cyber Security Risk Management and Consulting Services | 1st Secure IT | When Compliance Is Not Enough

What Is A Firewall
These PCI DSS Changes Took Place On June 30th. Are...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, 19 August 2019

If you need help getting started... Contact Us!