Phishing email attacks cost $2.3 billion over 3 years.
A single click from a clerk in the HR cube farm can do it. It is the small difference between maintaining information security and a sizeable monetary loss. It could even be the death of your business. All because of a simple phishing email.
From the moment a single user takes the bait in a phishing email, your business is susceptible. It becomes exposed to the possibility of data breaches and intensive service interruption. Let’s hope it is not ransomware, or you’re in real trouble.
5 Red Flags of Phishing Email
#1 – Poor writing, grammar, and spelling are signs of Phishing Emails
Poor writing, grammar, spelling, and occasional typos happen to the most skilled writers. When an email has several errors, it could be a clear warning signal. Most businesses do quality assurance on their sales and marketing campaigns. Before emailing them, the message will go through some review stages.
During the review stages, spelling and grammar errors get corrected and the writing is refined. When an email shows a lack of this thorough review, consider it an attempt to phish your employees.
#2 – Is a proposal too good to be true?
Is a proposal too good to be true? Lottery winnings and other “free” stuff may sound nice. But consider that this “amazing” offer came out of nowhere and has no catch.
Pay attention to the content of the email and never get over-excited. Take your time before opening any email that even smells suspicious. You should take your time, review the email, and follow the remaining tips in this post.
#3 – Spear-phishing and Social Media
In recent years phishing has advanced. Attackers have progressed to the point where they can collect all the information they need. They learn all sorts of tidbits about the business and individual employees online. ‘Spear-phishing’ is what we call this type of phishing attack. One sign to be cautious immediately is that the sender is unknown to you. You should take the time to verify the sender before clicking on anything in their email.
#4 – Hover the Mouse to Discover Phishing Email
Using your mouse, hover the pointer over the top of the link. This hovering will expose the actual link it would go to if you clicked it. You should always do this, even if it seems to be legitimate. If it doesn’t look right, smell right and especially if you feel something is wrong, compare the link to the text. And if anything is out of the ordinary, look to delete the email. Then immediately report it to your Information Security Office.
#5 – Asking for Personal Info
If an email asks for personally identifiable information (PII), like birthday or SSN, then stop. The same applies to medical, financial, or business details. Go back to #4 above. Alarm bells need to ring when a message asks for PII, HIPAA data, or sensitive business information.
If you suspect that something is amiss with the email, STOP! Stop and report it to your information security personnel.
Education of the organization’s personnel may seem like a “no brainer.” But many organizations may not know, nor will they have organic resources to do it. Placement of those corny “Don’t get hooked” phishing themed posters won’t be enough. I’ve seen this, signs being the business answer for employee education. That was it!
Besides education, the best guarantee against phishing emails will be a defense in depth. This defense in depth would include a well-configured firewall, a spam filter, and robust anti-virus and anti-malware.
There are precautions you can take, like having all HTML stripped out of emails when they reach the email server, before they are sent on to the users. Sit down with your Information Security professionals and talk about options. Give yourself, your business, and your employees peace of mind and the protection they deserve.
Conclusion of Phishing Email: The 5 Red Flags-No Clicking!
Spot the red flags and squash phishing emails before they even make it to that HR user’s email inbox.