Phishing is one way that identity thieves, scammers and fraudsters can steal data and money from businesses. The objective is to trick your employees into providing confidential or personal information which can then be used for fraudulent purposes.
Spam, fraudulent and malware-infected emails are sent every day to both work and personal email addresses. According to Sophos, people open or click on 30% of phishing emails, meaning your employees may be your weakest link when it comes to email security.
How do you recognise a Phishing email?
The email sender
If you don’t bank with a certain bank, or are not expecting an order or delivery from Amazon, then why would they be sending you an email? Likewise, treat all unexpected emails and those from unknown senders as suspicious. Often spammers will attempt to impersonate someone you know by sending an email using a legitimate colleague’s name, so look at the actual email address. Does it look suspicious?
Poor Grammar and Spelling Mistakes
One of the biggest indicators of a phishing email is the use of poor language and spelling mistakes.
The email recipient
If you are a customer of the sender, the email should be addressed directly to you and not a generic recipient such as ‘Dear Customer’ or ‘subscriber’. Beware of impersonal greetings.
Email Subject Line
Emails should include meaningful subject lines. If a subject line looks unusual, or contains spelling mistakes or excessive punctuation, treat it as suspicious. You must also be careful with some email subjects such as ‘Verify your Account’, ‘Invoice’, ‘Invoice Reminder’ and ‘Action Required’, as these are common subject lines used to trick you.
Some organisations now know better than to send you information contained within an attachment, so delete the attachment, as it may contain malware.
Be wary of website links. These can be easily disguised and may take you to malicious or untrustworthy websites. Hover over the link, but don’t click, and check that the URL includes HTTPS and a padlock icon. Beware of lookalike URLs meant to trick you.
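The sender and link checks described above can also be automated as a first-pass filter. The following is an added example, not code from the original article; the organisation domain, the colleague list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAIN = "example.com"    # assumption: your organisation's mail domain
COLLEAGUES = {"jane smith"}   # assumption: display names from your staff directory

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Jane Smith" <jane.smith@mail.example.net>
Subject: Invoice Reminder
Content-Type: text/html

<p>Pay here: <a href="http://portal.example.org/pay">www.example.com</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
    def handle_data(self, data):
        if self._href is not None:
            self.links.append((self._href, data.strip()))
            self._href = None

def sender_and_link_flags(raw):
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    # A colleague's display name on an address outside our domain.
    if name.lower() in COLLEAGUES and addr.rpartition("@")[2].lower() != OUR_DOMAIN:
        flags.append("colleague name, external address")
    body = "".join(p.get_payload() for p in msg.walk() if p.get_content_maintype() == "text")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = urlparse(href)
        shown = urlparse(text if "//" in text else "//" + text).hostname or ""
        if target.scheme != "https":
            flags.append("link is not https")
        # Visible text looks like a hostname but the link goes elsewhere.
        if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", shown) and shown != target.hostname:
            flags.append("link text does not match target")
    return flags
```

An https link only shows that the connection is encrypted, not that the site is trustworthy, so these checks are heuristics: a message that raises no flags can still be malicious.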
What can you do to protect against phishing threats?
Educating your employees is very important: train them in IT security so that they become aware of the types of threats and how to identify phishing emails. Provide phishing examples and test them!
It’s important that you establish a multi-layered approach to your email security, and this starts with a range of protection tools including anti-virus and advanced threat solutions to protect from viruses, malware and ransomware.
To discuss all things phishing and cyber security, why not give us a call or contact us to discuss your requirements further?