As cyber criminals continue to get very creative, how do you identify a phishing email so you can protect your data and organization from financial disaster?
As this continues, organizations are constantly trying to address the following:
- Do our users know what to do when they receive a suspicious email?
- Do our users have to call the help desk or forward it to tech support?
- Do users forward to the IT department including all headers?
- Are users deleting the email and not reporting it?
Are employees your weakest link in your security strategy? Yes but they can be your greatest strength also.
Did you know that phishing emails have been so well structured using social engineering that leaks of sensitive information have been causing a huge financial loss. Phishing emails are one of the largest serious cyber security threats to organizations as they are responsible for 94% of ransomware.
How do you identify a Phishing Email? Use the following six examples.
- Look out for suspicious sender email addresses
Cybercriminals use various spoofing techniques to trick users into believing an email is legitimate. Your employees should be trained to check the domain names closely. Employees should also be very cautious when reading email on a mobile device as only the display name may be visible. Domains can easily be manipulated to trick users. Example, “www.365itsolutions.com” versus ‘www.365itsolutoins.com”. Just swapping two letters can have a large impact.
- Look out for the subject line and email tone
Hackers will always try to entice, mark things as urgent, use threatening language to encourage the recipient to take immediate action. They create a sense of curiosity, greed, or even fear as a common tactic used in phishing emails. Employees should be trained that if it is urgent, they should call and verify. They should never rush unless they are 100% of the sender and request.
- Look out for spelling and grammar errors
Majority of emails from cybercriminals have simple mistakes such as grammar. Grammatical errors are an obvious red flag. There may also be more subtle mistakes such as minor spacing issues or use of symbols instead of words. Train employees to keep their eyes open and prepared for all these items that can give it away.
- Look out for suspicious email attachments
Attachments should always be viewed with caution. Always be wary of emails that include attachments. Phishing emails are notorious for attachments and may include a link within the attachment. This avoids them from imputing the dangerous link in the body of the email to avoid detection by an email filter or spam filter.
- Look out for email images
Did you know that hackers and cybercriminals can easily replicate brand logos and images in emails and webpages? It is very hard to distinguish between the real thing and made up pictures. Check logos, colours, or hover you mouse over without clicking to see the link. Always consider all the above factors before you decide to click.
- Look out for strange or odd email greetings
Ever get an odd email out of the blue? Cyber criminals and hackers often send out mass emails to gather information on potential suspects. They will offer generic greetings mostly, but the good phishing attempts will offer sophisticated personalize emails with information such as names, email addresses, and even breached passwords. Have you ever Googled your name to see what comes up easily? This would include LinkedIn, Instagram, Facebook, Twitter, company websites, and other associations.
When in doubt, users should always forward email threats to the IT security team, IT department, managed IT services provider, or managed security services provider depending on their options.
This gives them the ability to proactively analysis and block to prevent future exposure.
Are Your Users Aware How to be Safe Online? Here is a free Quick Security Awareness User Training video that you can share with employees, friends, and family members.
Our complimentary network and security assessment can put your IT infrastructure and business to the test.
Going to the cloud or worried about security? We are your leading Cloud Services Providers Toronto and Managed Security Services Toronto.
365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry leading IT solutions including Managed IT Services, Managed Security Services, IT Support Services, IT Outsourcing Services, Tech Support Services, Cloud Services, Business continuity and disaster recovery (BCDR), Cyber Security Training and Dark Web Monitoring