Angela O’Pry: Hey guys, I’m Angela and today we have Nick LaPalomento with us. He’s our client service specialist here at Aldridge. Our goal for the series is to have some fun making complex things easy to understand.
Today’s topic is “What is Phishing?” I personally have no clue what that means so I’m really hoping Nick here can explain to us what this means.
Nick LaPalomento: Yeah, uh, so, phishing is when somebody sends you an email, um, and they’re trying to get information from you that’s private. Uh, things like credit card numbers, uh, driver’s license numbers, social security. They’re trying to get you to divulge information that you would not want to give out to somebody that you don’t know.
Angela: OK, so that sounds really similar to a conversation I had with Brittany Aldridge in the kitchen the other day. She’s our VP of Finance, and she was talking about an email she received from Patrick Wiley, the CEO.
And he was asking her to make a wire transfer, but it seemed really suspicious and weird. She didn’t transfer the money, thankfully, but is that kind of what you’re talking about?
Nick: Yeah, that’s actually a perfect example. That’s pretty common. I would say in the phishing world, that’s something that happens a lot. So, there’s about four things that I would say you could look for that are really easy, that anybody could do. It doesn’t matter how much technical knowledge you have.
Angela: I need easy, Nick.
Nick: So, very simple. So, let’s just start with the example. Look at the from field. So, it says that it’s coming from Patrick Wiley, right? That’s what the display name says. But if you look at the email address there’s something interesting.
It says “Patrick [at] Aldridge [dot] com.” Now, for anybody else that may not matter, but for us, we know that our email addresses are first initial, last name.
Angela: Oh, that’s so sneaky.
Nick: So, ██████ [at] ████████ is his real email address. The second thing that you can look for is the subject line.
So, in this example, the subject line says “Today.” That’s kind of vague, kind of cryptic.
Angela: Right. What does that mean?
Nick: The intent is to get you to just open the email to read it. But this is something that, if you’re paying attention, look for bad capitalization, look for very cryptic or vague subject lines, look for improper use of words or grammar.
Um, so the next thing you can look at is actually in the body of the email. Paying attention to words that are being used, what’s being asked of you. Uh, sometimes the sentences will be set up in a weird way. Or if the whole message is written in all caps. I don’t know about you, but I don’t write like I’m yelling all the time.
Angela: Right. Neither does Patrick.
Nick: Maybe some people do, but I would say most people don’t. And, so, when you see something like that, it’s all attention-grabbing. It’s to make you, um, not be paying attention, to think that something is really urgent and to just take action without thinking.
So, then the next thing that you’ll see is what are they asking for? So, in this example, they’re asking for a wire transfer. Now, making a quick phone call to just make sure whoever is asking for this is really asking.
I know we’re all texting, we’re all emailing, we don’t make phone calls anymore. But a two or three-minute phone call just to check and save you from wiring half of a million dollars to someone that shouldn’t be getting it? I’d say that’s kind of worth it.
Angela: That’s a lot of money.
Nick: Yeah, so, a couple of minutes, half of a million dollars. I feel like it evens out.
Angela: Yeah, OK. Great. Well, I know it’s been really helpful for me, so thank you so much for explaining that.
Nick: Awesome. No problem.