Phishing has been the number one attack vector for over five years. Hacking your “human cyber shield” is the primary way that bad actors gain access to your systems, and it is important that all your employees, and anyone else who has access to your network and data, know how to identify a phishing email.
Phishing emails are carefully researched and contrived to target specific recipients. The only way to strengthen your cybersecurity is to educate your employees on their role in cybersecurity and how to identify and report phishing attacks.
The increasing sophistication of phishing attacks makes phishing emails hard for the untrained user to spot. However, phishing emails typically have a range of telltale signs that can indicate the message is not what it appears to be.
- Unfamiliar Greeting
The sender spells your name wrong, or uses a first and last name, or calls you by your full name when you usually go by a nickname. Something might seem “off” with the tone of the greeting.
- Grammar and Spelling Errors
Messages originating from a professional source should be free of spelling and grammar errors.
- Inconsistent Email Addresses, Links & Domain Names
If a link is embedded in the email, hover the pointer over the link to verify what ‘pops up’. If the email is allegedly from PayPal, but the domain of the link does not include “paypal.com,” that’s a huge giveaway. If the domain names don’t match, don’t click.
- A Sense of Urgency
Hackers may use threats or a sense of urgency to fluster users into opening and taking action on a fraudulent message.
- Suspicious Attachments
When an email with an attached file is received from an unfamiliar source, or if the recipient did not request or expect to receive a file from the sender of the email, the attachment should NOT be opened. Confirm with the sender before opening.
- Unusual Requests
No one should ever ask you for your personal information via email. Do not send any personal information, login info, passwords, or social security numbers, and do not send money, before confirming that request with the sender. This is a HUGE red flag. Likewise, if a message asks you to install or patch something on your computer, forward that message to your IT team.
- You’re a Prize Winner
Hackers will often use bribery to tempt you to open a fraudulent email. If you get a message telling you that you will benefit from a discount or win a prize by clicking on a link or opening an attachment, do NOT open it, and report it to your IT team.
- Vague Message
Be on the lookout for vague messages such as ‘here’s what you requested’ or an attachment titled ‘additional information’. Hackers use vague messages to get recipients to click on attachments or links.
- Request for Credentials, Payment Information or Other Personal Details
So many successful scams start this way. We’ll remind you again: never, ever share these details via email or email link unless you have checked with the sender that they have actually requested that information. One of the most sophisticated types of phishing emails is when an attacker creates a fake landing page and directs recipients to it through a link in an official-looking email. The fake landing page will have a login box or request that a payment be made to resolve an outstanding issue. DO NOT enter information without checking with the sender first, and report the email to your IT team.
- Report Suspicious Emails
Help fight phishing! If you receive a suspicious email, report it to your IT team and security operations analysts so they can rapidly respond to potential phishing attacks and mitigate the risk of an employee inadvertently responding to a phishing email.
Phishing awareness training and testing reduce the likelihood that an employee in your organization will compromise the security of your data. ACE IT Solutions offers security awareness training and phishing testing to help strengthen your “human firewall.” Training can be done remotely and regularly to make sure every employee is properly educated. Contact ACE IT Solutions at 646.558.5575 or firstname.lastname@example.org for more details.