2020 has seen hackers continuing to evolve their cyber-attack techniques, employing cynical new methods to extort money from victims. By understanding the latest phishing trends, organizations will be able to adapt and take measures to mitigate risk in the developing cyber threat landscape.
DETECTING A PHISHING EMAIL
When a phishing email makes its way into our email inbox, there are often ways to determine whether they are legitimate.
1. Check the Email Address
Always check the email address. Phishing emails look similar to the emails of your contacts or work colleagues but will be slightly misspelled or from a different email service. If you receive emails email@example.com you might see a phishing email from firstname.lastname@example.org or email@example.com. These tricks are most common and if you are not paying attention, usually successful. The simple change of a few letters can lead to suspicious links and breached information, so always be on the lookout. If you suspect phishing for any reason, always confirm with the person you are corresponding with outside of email or contact your IT help desk.
2. Avoid Clicking Links
Avoid clicking links you are not familiar with, even if the email appears to be from a legitimate source. Phishing links are often disguised to look like one web address, but when you click the link it leads to a malicious site. Always contact the person who sent you the link to confirm it is legitimate. While you might risk waiting to view a website or video while you wait for confirmation, the consequences far outweigh the wait time. An advanced tip is to copy the link and paste it into a word document to see if the link matches in both places. Sometimes you can even highlight and right-click the link to “inspect” the link for malice. Always contact your IT help desk if a link appears suspicious.
3. Spelling and Grammar Mistakes
Check for odd spelling and grammar mistakes in the email. While one or two typos may not be cause for alarm, robotic and awkward sentence structure is a strong sign of phishing. If you notice these oddities, always contact your IT help desk to confirm whether you have a phishing attempt on your hands. This will aid the department in successfully blocking the attempt and preventing others from falling victim.
4. Be Suspicious
Overall, be suspicious. Most emails are innocent work or personal communication that causes no harm, but it never hurts to confirm with your co-workers and friends before you click on anything. Keeping an eye on email addresses, links, awkward wording, and always checking with your IT and help desk if you suspect phishing can protect you and your company from losing important information. While it might seem like a hassle, getting caught compromised is never a situation we want to find ourselves in. Be sure to protect yourself by being vigilant and aware of inconsistencies.
While emailing has become so much more than electronic mail, we can still enjoy the convenience of instant communication if we implement these simple strategies. Educating yourself on how to recognize and combat phishing will make emailing safer for you and your company.
other red flags include:
· Unofficial “From” Address
· Urgent Action Required
· Generic greeting
· Link to a fake website
DEFENDING AGAINST PHISHING
Here are four ways organizations can more effectively protect themselves from the latest phishing trends and other cyber-attacks:
1. Implement multi-factor authentication – using multi-factor authentication for access to Microsoft 365 and other accounts will repel the vast majority of cyber-attacks.
2. User robust email security – email is by far the number one vector for hackers to infiltrate organizations’ networks, and phishing emails are the number one threat in the email space. Organizations should incorporate a robust email security solution to protect themselves from such attacks.
3. Educate employees – proper and ongoing education of employees around the evolving threat landscape will ensure they are able to identify and address phishing emails when they slip through the net and enter their mailboxes.
4. If a breach has been detected in an organization, the organization should make sure to notify all its business partners as well – any delay in notification only works for the benefit of the attacker.
Do not fall victim to phishing scams, contact abmis.ca today to ensure your network and staff are secure and always up to date.