Many of us find ourselves checking emails 24/7, for work or personal reasons. It is a vehicle to communicate more effectively and reach resolutions more quickly, or so we are conditioned to believe. When was the last time you chose to pick up the phone instead of sending an email to a client or colleague?
In this fast paced world, do you ever take a moment to smell the roses or better yet, read a subject line? A majority of people claim that they can quickly spot an illegitimate email. If that were the case, there would not be a 65% increase in phishing attempts over the past year, and hackers would have moved onto something much more lucrative.
The top 9 things to look for to guard against a phishing attack:
1. Sender Email Address: If you see an email from your favorite client or supervisor, don’t click so fast. Always be sure to check the email address, in full, to determine if it is legitimate. Some of the more amateur hackers will hide behind Gmail or Yahoo, however, those more seasoned will mimic the domain and add a slight twist, i.e., fedexship.com vs. fedex.com. Double check the email address before responding, clicking or opening, even if you are expecting a package and/or the name appears correct.
2. Sender Name: This can be difficult to track, but phishing emails will typically close with a generic name, such as John Smith, to avoid raising suspicion. You should recognize the people that send you emails or, at the very least, the role they play at an organization.
3. Attachments: One of the most common means by which a computer is compromised is through email attachments. When opened, these attachments can give hackers complete control of your machine and in turn, control over other machines in your environment, servers and networks. Anything that is asking you to perform additional actions / tasks should be considered more carefully. In today’s world, you should work under the guise that all attachments are hostile until proven otherwise. Learn more about what guidelines to follow when opening attachments.
4. Writing Format: You must become acutely aware of discrepancies in how an email is written. Many hackers hail from the other side of the world and their style of writing can be different, even though the language is the same. Although it is subtle, writing a date as 1st of July 2019 rather than July 1, 2019 should raise a red flag.
5. Design: If you come across a funky looking font this should immediately catch your attention, especially if you don’t know the sender.
6. Grammar and Spelling: We all fall victim to the occasional typo, but if you find an email riddled with grammar and spelling mistakes, consider the source. When doing business, most are careful enough to catch these type of things to maintain a level of professionalism with the help of spell check.
7. Link Destination: If you receive a link in any email, you should hover over it and check the URL and domain to confirm it is legitimate. It is important to get into this habit even if you are confident the email is from a trusted source. This should be a best practice regardless of who sent the email.
8. Links to Verify Information: Never, ever click on a link to verify information. If you believe that your information needs to be updated, always go directly to the source. If it is a website, go directly to your account tab and update as needed.
9. Logo Design: Hackers will try to replicate logos but they don’t always appear as clear or concise as an original. If something looks even slightly “off,” it probably is.
Educate your employees on the importance of being alert to hackers when responding to emails. Incorporating phish testing within your company will alert you to the percentage of employees that are drawn to phishing emails. Simulating phishing attacks is an additional layer of security for your employees, and is just as icrucial to your security anti-virus, anti-spam or a firewall.
When you randomly phish your employees you are heightening their awareness to what they should look for in their inbox. In addition, you are implementing an effective cybersecurity best practice to protect your last line of defense: USERS.