Continue to #BeCyberSmart during Cybersecurity Awareness Month! Week 2 is all about how to spot and report phishing attempts. This is necessary to prevent ransomware and other malware attacks on your organization. Fight the Phish with knowledge on what you should not do when you encounter a phishing email.
Phishing
Phishing attacks and scams have always been one of the major causes of reported security incidents. However, since the COVID-19 pandemic began in 2020, phishing attacks have accounted for more than 80% of reported cyber incidents.
Phishing is a common method used by hackers to insert different types of malware into your device. Hackers often use an email or malicious website to take advantage of individuals who negligently click on a malicious link. The aim of phishing is usually to get information from the device the link is opened on.
Phishing emails often appear to be highly important or from an authorized organization. These emails have links that contain suspicious code that will infect your device with some type of malware. These types of malware include viruses and ransomware.
Fight the Phish
These days, phishing emails and schemes have become more advanced and sophisticated with targeted attacks. While many phishing emails are caught by the spam filter, some newer phishing emails still come through. Some common phishing emails include: a request from your bank, a job opportunity, or an urgent email from a superior or co-worker.
As a result, you, as an individual, must understand and learn what must be done in response to a phishing email. Recognizing and appropriately responding to a phishing email will help strengthen cybersecurity within your organization. Here are some questions you can ask yourself to determine if the email you just received is a phishing email.
Does the email look suspicious?
Before clicking a link in an email that you receive, always ask yourself a few questions to determine whether the email is legitimate. Here are a few questions you should ask when you receive an email:
1. Were you expecting the email and its content?
Did your boss or co-worker say they were going to send you an email with some documents and/or a link? Even if they did, make sure you check the sender address so that you know the email and its content are from the person you are expecting. If not, then you should be skeptical of the email. As soon as you have any doubts about the email, be vigilant of everything included in the email.
2. Who is this from? What is the sender address?
Always check the sender’s address! Sometimes, the display name on the email will show your boss or co-worker’s name. Cyber criminals use this function to lower your guard by making you think the email is from someone you know. Therefore, it is crucial to look at the sender’s email address.
Furthermore, for phishing emails to your personal accounts, look specifically at the domain of the sender’s address. Many phishing emails use the names and format of large corporations, such as PayPal. Visually, the email will appear legitimate. However, when you look closely at the domain name in the sender’s address, you will find that the sender is not someone from the corporation.
3. Is the email asking for personal information?
Asking for personal information over email is a huge red flag! Many phishing emails ask for personal information such as your phone number, social security number, bank account number, etc. Official corporations and individuals will not ask for this, so beware of emails requesting this type of information.
To ensure your private information will remain secure, do not share it with anyone unless you know you can completely trust the other person. (And even then, be cautious when you are sharing this type of information.)
4. Does it have a link or attachment?
Proceed with caution if there is a link or attachment! Do not immediately click links or download files that are attached to the email. This is because the link or document may contain malicious code that will insert malware onto your device. To know if the link or attachment is safe, do your research. Start off your research by asking the next question.
5. What is the link’s destination?
Sometimes, phishing emails will contain a request and a link. Visually, the link might look fine in the email. However, you should hover over the link to determine where it goes. Remember! Do not click on the link. Hover over it with your mouse to read the link’s destination!
Do some research on the site to determine if it is trustworthy or not. However, a recommended course of action is to simply never click on a link from an unknown sender. (To determine if the sender is trustworthy, refer to question 1.)
When in doubt, toss it out.
Answering the above four questions will help you answer this last question. In general, however, you should always delete or report spam when you have doubts about the email’s legitimacy. The next step in approaching a phishing email is to report the email and sender as spam. You can also block the sender to prevent future phishing emails from the sender. However, keep in mind that even when everything points to the email being safe and trustworthy, you should still proceed with caution.
To ensure the safety of your entire organization, make sure your employees are well-informed on this topic! Implement policies and guidelines for your security and educate your staff so that they are aware of how to respond to phishing emails.