How to Spot a Phishing Attack Through Email

It’s hard to imagine doing business in the 21st Century without email. It’s provided us with an instant tool for communication and an easy system for archiving information. Email has also given hackers a portal through which they can launch a phishing attack, infect an organization’s servers with malware and gain sensitive information, virtually effortlessly.

A phishing attack is when cyber criminals make a targeted attempt through email to trick individuals into opening links, providing sensitive information or downloading attachments with malicious software.

Phishing attempts are becoming more sophisticated and ever more frequent. For instance, more than 70 percent of targeted cyberattacks in 2017 involved the use of phishing emails, according to the Symantec Internet Security Threat Report 2018. That same report found that 7,710 businesses were hit by a scam each month in 2017.

Infomax recommends employees undergo regular training on how to recognize a phishing attack and stay aware of the latest scams. We offer regular cybersecurity training through our Complete Cloud and iGuard Managed IT services. Here are our tips on how to spot an email phishing attack.

Sender asks for personal information

Hackers have become very sophisticated, and an email can arrive in your inbox that looks authentic, mirroring the email interface of your company or another. However authentic the email looks, a mental red flag should be raised if the sender is asking you to provide or confirm personal information. Whether it’s from an alleged human resources representative asking for your personal identification or an internal or external sender asking for financial information, you can’t be sure who may see your data once you hit the send button.

Trusted sources will never require you to email sensitive personal or business information because they know how easily accessible that information is to hackers. A trusted organization will encourage you to call a number, send mail or visit a separate, secured online platform. 

Email contains unfamiliar links

Similar to mirroring an email, hackers create false webpages that mimic real sites. When you’re prompted to enter information, such as a password, into the fake site, cyber criminals gain access to your and your organization’s information. They can also create malicious links that resemble real web addresses you or other employees frequent, hoping those who open an email don’t look too closely at a URL before they click.

Instead of clicking links, train yourself and your colleagues to read each link in an email and check it against the URL you normally visit in a web browser. Additionally, hover over links concealed within the text of the email and read the web address they point to.

Email is poorly written

An easy way to spot a phishing email is to look for awkward phrasing, rampant misspellings and grammatical errors. Emails from legitimate companies reflect the professionalism of those who work there. Before proceeding, recipients should also check that the sender’s email address is legitimate and does not contain additional words or characters that are easy to miss at first glance.

Suspicious attachments are included

Never click on or download email attachments that look suspicious or that you are not expecting. The attachment could be a malicious URL or virus that can corrupt the user’s computer and lead hackers into the company’s network. Your business should invest in antivirus software that will scan for suspicious attachments. Employees should also verify attachments with senders by emailing them on a separate thread, calling them or messaging them in another way.

Remember not to give in to pressure from an unknown sender and always take time to consider the information received in an email before reacting. To secure training for your organization, contact us today.