What is Phishing Email?
A phishing email is a general term for an email that requests you to click a link, open a document, or provide personal/corporate information. The results of a successful phishing attack could mean stolen identities or credit card information, compromised passwords, malware infection (including ransomware), and various other problems.
How Do You Avoid Becoming a Phishing Victim?
INSI offers many useful tools to help protect your company from phishing, such as spam filters, antivirus software, firewalls, and data backups. All of these tools are critical in the defense against phishing. However, these resources alone cannot prevent all attempts from reaching users. Ultimately, everyone must be educated and vigilant!
What to Look for in an Email?
Your end-users must be trained and tested on how to identify phishing emails. Following are the most common clues:
- Make sure you know the sender. Also, ensure that the sender’s name matches their email address.
- Be wary when the subject is not clear. Usually, phishing emails are known to have oddities in the subject lines.
- Check to see who the greeting is directed toward. A generic greeting is a sign of phishing.
- One of the single biggest red flags is if the email insists on urgent action. Cyber-criminals know that panicked users will be more likely to click on a dangerous link.
- Never click on a link that claims it will redirect you to the company website as these links can actually send you to a fake website and trick you into giving your username and password.
- Most professional companies will review their emails so that they will not often contain spelling or grammatical mistakes. Take another look if you see many simple errors.
- If you know the sender, ask yourself if the language used sounds like the person you know. Look for a writing style inconsistent with how that person usually communicates.
- Ensure all attachments are clearly named. Many phishing emails use obscure or generic names to pique curiosity and encourage the recipient to open the attachment.
Now Let’s Take a Look at Some Real Examples!
Don’t Be Afraid to Ask the Sender!
When I am unsure if it is a phishing email, I call the person directly and ask them if they sent it to me. Sometimes I reply to the email with the same question. I have found people do not get offended and they are more than happy to answer this simple question.
INSI Security Package
INSI’s Security Package includes a phishing email to all your employees. We track who clicks on the email to determine who needs additional training on cybersecurity. This package also includes a security audit, network security vulnerability assessment, semi-annual security check, biannual penetration test, quarterly security checks, staff training, antivirus monitoring, web content filtering, web protection, spam protection, and 24X7X365 monitoring and response.
We have multiple other managed security options available to meet all your needs.
When In Doubt – Let Us Know
This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed. If you are concerned about a phishing email, please do not hesitate to contact our helpdesk at 770-387-2424 before opening it. Our engineers are more than happy to check it out and make sure it is safe. After all, we are here to serve you!
By: Brandon Schultz & Deborah Frazier