Simple, Effective Tips if you Suspect a Spear-Phishing Email

by Tony Rushin

Let’s say you’ve got a spear-phishing email in your inbox despite the efforts of your firewall, spam filter and anti-virus software.  What do you do?  Mark Rasch, Director of Network Security for Computer Science Corp., sums it up with these 3 tips:

“Rule #1 is, don’t open suspicious links.  Rule #2 is, see Rule #1.  Rule #3 is, see Rules 1 &2.”

Okay, we get it.  But spear-phishermen are getting real sneaky: they target attorneys and executives (called whale phishing), do their homework and find on-line clues that help them craft an email that looks legitimate.  What if you open the email and accidently click on the link before you start suspecting that you’re getting reeled in?  Here are 4 more tips that will help if you find yourself in that situation:

Tip #4: Pick up the phone and call.  Yes a good, old-fashioned phone call to the person or institution that supposedly sent the email should clear things up.

Tip #5: Look for the “LOCK” symbol in your browser (to the left of the URL in Google Chrome; to the right of the URL in Internet Explorer).  Double click on the lock to show the site’s security certificate – the name on the certificate should match the name in the URL.

Tip #6: Suspect a fake bank or credit card site?  An easy way to check is to enter the wrong password.  Your bank will give you the message you’re used to when you fat-finger your password; the fake site will accept it!

Tip #7: Report the phishing scam.  Tell your IT support person (external or in-house) and report it to the Anti-Phishing Working Group (this only takes 5 minutes).

My next blog will cover some more sophisticated user tips.

This is the 3rd of 23 blogs I’m writing to celebrate the Atlanta Association of Legal Administrators’ 23rd annual Business Partner Expo.  This year the Business Partner Expo will be held from 3:00 – 6:30 pm on August 17th at the Cobb Galleria.  Over 150 legal administrators and their guests are expected to be on hand learning about the latest technologies, finding solutions to business issues, uncovering emerging trends and developing valuable partnerships to help their law firms.  Already an AALA member?  I’ll see you there!  Not an AALA member?  Give me a call at  404.943.0800  x133 to discuss how you might be able to go as a guest!

Leave a Comment