Do you or your employees know what to look for in a phishing email attempt? Here are some tips of what to look for.
Email cybercrime is one of the fastest growing and evolving types of data breaches as of recent. According to the Verizon 2018 Breach Investigations report, 92 percent of malware is still delivered by email.
The human factor is a big concern for businesses, especially since more and more cyber-attacks are designed to take advantage of human error. One of the most common methods of malware infections is through phishing attacks, which continue to be more targeted. An email cyber-attack is an attack method that uses disguised email as a weapon. The goal is to trick the email recipient into believing the message is something they want or need – a request for bank account information or request for updated information.
With the holidays approaching, people and organizations will see an increase in phishing attempts. Threat actors will disguise themselves as businesses, banks, or third-party processing companies to attempt to get information. It is important to ensure businesses are protecting systems against these attacks. However, this can be difficult if employees are not trained on how to identify the warning signs.
Here are a few red flags to look for when faced with a phishing email.
The first red flag of a phishing email should be who is the email coming from. Sometimes these can be blank. Other times, there will be a familiar, trusted contact name in the field. However, when you drill down to the full email address, there could be missed spellings that are placed in clever ways to throw you off. For examples, firstname.lastname@example.org could be email@example.com. When you quickly glance, it could be construed as a familiar email address, but in reality, it is someone trying to disguise themselves.
The second red flag of a phishing campaign should be the “to” field. Many times, email campaigns will be spammed out to a large group of users. If you are cc’d or attached to an email with a bunch of unfamiliar names this is a good sign the email is a phishing attempt. If the email just came to you, double check the from field, links and subject line before clicking anything in the email.
The next thing to do when evaluating a phishing email is to inspect the subject line. The subject will normally say something alarming that will grab your attention. Some buzzwords to look for are, approve, urgent, credentials, your account, I need your help, etc. This is an email way to tricks users by causing alarm.
A good rule of thumb is to always be cautious when it comes to opening attachments. They can seem harmless, but there can be viruses or malware within the documents. Make sure that the source seems valid, or even check with IT before opening an attachment that you aren’t sure about.
The same thing does with hyperlinks. Always be cautious when clicking hyperlinks, unless it is from a trusted source. Many times, threat actors will disguise emails to look like they come from a source that you use with a link to update your payment information or enter your credentials. In these cases, they are trying to access your accounts without effort or install a type of virus or malware onto your machine. Hover over the link first to view the full link address and destination. Never click on something that you are unsure about.
When it comes to an email cyberattack, human error will always be the downfall in an organization and a benefit to the threat actors. You are only as secure as your weakest link. To combat these risks, employee training can help strengthen company-wide security efforts. It is also paramount that your organization has the fundamentals of security implemented and is working towards a multi-tiered defense approach. A holistic security approach can supply everything your organization needs to protect from the oopsies and uh ohs. Contact Magna5 if you need help strengthening your security posture.