Are you at risk?
Email security, and phishing in particular, continues to present a significant cybersecurity risk to businesses worldwide. Businesses find it challenging to develop automated controls for phishing threats because human behavior most often opens the door for an attack. Some web browsers can help reduce the risk of cyber-attack through scanning software that identifies common phishing characteristics. However, these security features do not identify and eliminate all forms of phishing attacks. You must train your employees to identify suspicious emails and provide instructions for handling them.
To assist you in your efforts to educate your employees about types of phishing threats, in this post we provide 10 ways to identify a phishing scheme.
Message ‘Feels Wrong’
If an email message delivers information or solicits input that seems out of context, trust your instincts. Do not click on links, download files, or provide requested information without independent verification of the veracity of the message and sender.
Sender’s Email Address Does Not Match Represented Company
When a sender’s email address does not seem to match the company the sender claims to represent, you should suspect an email threat. This common phishing threat lures unsuspecting readers into providing confidential information for malicious purposes.
The Deal Looks Too Good to be True
When you receive an email that offers goods or services for unbelievably low prices, do not believe it. Remember the old adage ‘If it seems too good to be true, it probably is’. At this point, you should look for other signs that the email could contain a phishing threat. If you want to confirm the validity of the offer, you can go to the company’s website directly. Do not click on an embedded link or cut/paste the provided link into your browser.
Email Requests for Personal or Confidential Information
Beware of emails requesting personal or confidential information. With this form of phishing threat, the sender often poses as someone you may know or believe has the authority to request information from you. For example, the sender may send an email with a letterhead that appears to be from an executive within your company, requesting confidential information. Anytime you receive an email request for information from anyone, contact the individual before cooperating, using contact details obtained separately from those provided in the email.
Sending infected files in emails remains one of the most prevalent forms of spreading viruses and malware. Unless you know the sender and the source of the attachment, do not open an email attachment without a proper antivirus/anti-malware (AV/AM) scan. Even if you know and trust the sender, you should confirm that the sender intended to send the file to you before opening it. Treat this potential email threat as a sign of phishing.
Web Address Looks Strange
Before clicking on a link to a website, always carefully examine the web address and look for signs that the address may not be valid. The address may be slightly different from the actual web address of the entity the message claims to represent. The safe solution is to either ignore the link (and trash the email) or go to the company’s website independently of any information in the email, such as a link or web address.
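The sender-address and web-address checks described above can be partly automated. The following is an added example, not part of the original post: it compares the host of a sender address or link against a list of domains you trust and flags near-misses. The domain list, the sample message and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains your organisation really uses (constructed placeholders).
TRUSTED = ("example.com", "example-bank.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Return the lowercase host from a URL or from an email address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower().rstrip(".")
    return value.rsplit("@", 1)[-1].strip("<> ").lower().rstrip(".")

def classify(value, trusted=TRUSTED):
    """Label a sender address or link relative to the trusted domains."""
    host = host_of(value)
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "match"
    for d in trusted:
        # Trusted name appears, but not at the end where ownership is decided.
        if (host + ".").startswith(d + ".") or "." + d + "." in host:
            return "embedded"
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-d.count(".") - 1:])
        if 0 < edit_distance(tail, d) <= 2:
            return "lookalike"
    return "mismatch"

def review(sender, links):
    """Return (item, label) for every item that is not a clean match."""
    items = [sender, *links]
    return [(i, classify(i)) for i in items if classify(i) != "match"]

# Constructed sample message fields.
SAMPLE_SENDER = "Accounts <billing@examp1e.com>"
SAMPLE_LINKS = [
    "https://www.example.com/invoices",
    "https://example.com.account-check.test/login",
    "https://exampel-bank.com/reset",
]
```

Calling `review(SAMPLE_SENDER, SAMPLE_LINKS)` lists the sender and the two links that deserve a second look. The edit-distance threshold of 2 is a heuristic and can flag unrelated but similarly named domains, so treat a hit as a prompt for manual verification.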
Email Contains Poor Grammar
Cybercriminals generate a significant percentage of phishing emails from international locations. Often the scammer does not possess good English grammar skills, and it shows up via poor grammar in the email. While poor grammar in and of itself does not prove the email is a phishing attempt, you should be suspicious anyway, particularly when the email contains other signs of a phishing scam. At least, poor grammar indicates unprofessional communication.
Message Designed to Prompt Emergency Action
Phishing emails sometimes include requests for information, accompanied by some form of notice that suggests a penalty for failure to respond. For example, scammers may claim to be the IRS or a 3rd party service contracted to the IRS for purposes of collecting back taxes due. Rarely do businesses or governments make such demands via email.
Third Party Sign-In Request
Another form of phishing appears as a pop-up within a website that asks you to sign in from another account such as Facebook, Amazon, etc. Do not comply with this request. Most often, this 3rd party sign-in request is merely an attempt to steal your login credentials.
Any time you receive an email with a generic greeting, such as Dear Sir or Dear Madam, you should suspect foul play. The email may be associated with legitimate sales or marketing emails (spam?), but if the content suggests a transfer of personal info or links to an unknown website, ignore and trash the email. This form of phishing is common when cybercriminals send phishing emails in batch mode.