Don’t Take the Bait: How to Avoid Phishing
February 17, 2022
Below are the basics of what you and your employees need to know about phishing.
What Is Phishing?
Phishing is a form of cybercrime in which emails are sent to targets by someone posing as a legitimate person or company. These emails attempt to dupe the target into downloading malware onto their computer, or providing account numbers, password, or personally identifiable information to gain access to their various accounts. For example, targets will receive an email that appears to come from someone they know or a company they do business with; it will likely even include a company logo to help sell the ruse. The phishing email will include a request to click on a link or open an attached file, such as ‘Click here to re-confirm your account’ or ‘Please see attached invoice.’
How Can I Avoid Taking the Bait?
Thankfully, phishing attacks are preventable, as nearly all email attacks require the recipient to physically click on a link or open an attachment. Cybersecurity provider Proofpoint’s ‘2019 Human Factor’ report states 99 percent of all cyberattacks relied on human interaction to execute. You can avoid becoming a victim through your actions—don’t click on a link or open an attachment in a phishing email.
Here are some red flags to help you detect phishing scams:
- The sender is someone you don’t ordinarily communicate with.
- You don’t recognize any of the other recipients of the email.
- The email concerns something outside of your job responsibilities.
- The message within the email is vague.
- It contains an attachment you didn’t request or weren’t expecting.
- The domain of the sender’s email address has typos (for example, @amazorn.com).
- Hovering over a hyperlink with your mouse reveals a website unrelated to the sender.
- The hyperlink contains a misspelling of a known website (for example, @droppbox.com).
- It requests you provide personally identifiable information or account numbers and passwords.
While you can educate yourself and your employees about how to detect phishing emails, people make mistakes. We receive a lot of emails each week and it’s easy to let your guard down. The best way to protect yourself from phishing scams is through technology. Spam filters, internet browser settings, multi-factor authentication, data backups and regularly updated security software eliminate the human element and provide much-needed layers of protection against phishing scams.
Common Phishing Email Subject Lines
- Password Check Required Immediately
- You Have a New Voicemail
- Your order is on the way
- Change of Password Required Immediately
- De-activation of <your email> in Process
- UPS Label Delivery 1ZBE312TNY000015011
- Revised Vacation & Sick Time Policy
- You’ve received a Document for Signature
- Spam Notification: 1 New Messages
- [Action Required] – Potential Acceptable Use Violation
Hackers are playing into employee’s desires to keep their email safe and secure using key phrases that even somebody who is not so tech savvy would recognize. There’s also an intrigue of mystery that often make people curious enough to click on the email (i.e. new voicemail, your order is on the way).
It’s quite easy to spot one of these phony messages because the body of the email will contain hardly any content. If the subject has you skeptical but the content looks legitimist, look for accuracy of what it is stating or any grammatical errors. Whatever you do, DO NOT click into the email at all if you continue to be skeptical. Is it always better to be safe than sorry in the world of IT security!
If you feel as though you have received a phishing email, delete it from your inbox, and then make sure you delete it from your trash folder. If it’s a ‘real’ email of importance, you will get notified through a different platform.
Contact Doceo IT!
Luckily, Doceo IT has an experienced team of Technology Professional who can help detect and protect your company from cybercriminals. If your business would like help shoring up your defenses against phishing and other types of cybercrime, contact us today to speak to one of our cybersecurity experts.