What You See Isn’t Always What You Get. Have you ever questioned what happens when you click a <a> tag on a website? How does your browser know where to go? I hope to explain the main fundamentals through this article.

The next time you click on a link in an email or social media post, make sure it's not just another hidden danger. The use of email addresses and identities that appear authentic but are not, are tricks used to dupe people into sharing sensitive information! This technique is known as redirecting and will mirror normal website links but there are some important differences to distinguish between non-harmful and harmful links that will help keep yourself safe online. Here’s how you can protect yourself:

1. Check the Sender’s E-Mail Address

Many phishing attempts come from E-mail Addresses that are clearly not legitimate. For example, you might receive an e-mail that appears to be from your bank, but the sender's address is something like banking@yahoo.com. This should be a red flag that the e-mail is not legitimate. If you're unsure about an e-mail, you can always contact the sender using another method (such as a phone call) to verify that they actually sent it.

2. Watch for Links and Attachments

The objective of a phishing attack is usually to get you to download an attachment or to click on a link. Make sure you're cautious when installing attachments -- they may just be malware that will infect your computer. Don’t click links within an e-mail that you are at all suspicious of. What looks like a legitimate hyperlink can be a disguised link to a criminal website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website), or better yet, open a browser window and manually type in the hyperlink yourself to prevent it being re-directed.

If you receive an e-mail from someone that seems strange or out of character, don't click anything in the message. Most likely their account has been hacked and all of your contacts are now targets for spear phishing attacks.

If you’re expecting an email or appointment link from a client, that looks legitimate and you feel confident, then feel free to click the link. Not all links are

If you are expecting an email or appointment link from a client or college, that looks legitimate, you can feel confident in clicking on the link. Not all links are fakes but know your tips to identify a fake.

3. Typos Are a Red Flag

For some reason, cyber-criminals seem reluctant to invest in copy editing. One of the easiest ways to spot an e-mail sent as part of a phishing attack is by typos. Most that I receive are full of spelling errors, poor grammar and syntax, and ugly text layout.

4. When In Doubt, Contact the Supposed Sender

Sometimes the bad guys pull things together and manage to generate a spear-phishing campaign that’s really difficult to detect. The e-mail appears to come from a legitimate source, it references something that could be legitimate (like a recent purchase you made) and it’s polished and official-looking. If you’re not expecting this e-mail, pick up the phone and call the originating company’s customer service, or send an e-mail directly to their customer service to verify they sent it.

5. Asking for Personal Information is a Red Flag

It's important to be aware that asking for personal information can be a red flag. In some cases, scammers will pose as legitimate businesses in order to collect your personal information. They may then use this information to commit identity theft or fraud. In other cases, companies may simply be collecting your data without your consent. Either way, it's important to exercise caution when giving out your personal information. If you're unsure about whether or not a company is legitimate, do some research before giving them your information. When in doubt, it's always best to err on the side of caution.

6. Install Security Software and Be Smart About Passwords

Internet security software is a good idea because it has a feature that can detect and block fake websites, making sure you don't accidentally click on the link. And it goes without saying you should be using unique passwords for each website where you are required to log in. This adds a layer of protection so the hackers can't get to your personal information. If you're a phishing victim, this can help to contain the damage.

Things To Consider

If you follow these steps, you will minimize your risk of becoming a spear phishing victim. Remember it's not just about staying up to date. If you want to protect your personal and corporate networks from malware, and phishing attacks - make sure that the most secure technology is available for protection as well as have an expert IT team, like Frogworks available to call.