Phishing is the act of defrauding a computer user or network, or stealing information and data from them, by posing as a legitimate organization. Hackers use phishing emails to gain access to internal networks by tricking the recipient of the fake email. The term is a homophone of “fishing” because phishing uses a lure (posing as a legitimate enterprise through its name, website, links or documents) to catch a “fish” (the computer user), who then takes an action that opens up a vulnerability within their network.
These phishing emails carry a good number of red flags that are fairly easy to spot and that, once spotted, tell the user that the email is a risk and should be deleted immediately. They include:
- The “From & To” Lines
  - If you are uncertain about or do not know the identity of the sender, be on guard.
  - If the “To” is not your normal identification/name, take note.
- Date Line
  - Be wary of any email sent at an unusual time of day that does not fit the norm.
- Subject Lines
  - If it appears to be a reply to something you have never sent, avoid it.
  - If the subject is irrelevant or does not match the message content, heads up.
- Attachments
  - If you were not expecting it, watch out.
  - If the file type is suspicious, be suspicious.
- Hyperlinks
  - Hover over hyperlinks before clicking. Be sure that the address they appear to link to is legitimate. Watch for close spellings of the correct domain names.
- Content
  - If the message claims an urgent need for you to take action, it is likely not true.
These red flags are just a few of the key things that your staff needs to be aware of so that they do not expose your network to attack via a phishing email.
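For teams that triage reported emails, several of the red flags above can be checked automatically. The following is an added example, not IT Radix code: it tests the “To” line, the reply subject, the attachment type, close spellings of a trusted link domain, and urgent wording. The trusted domain, extension list, urgency words and 0.85 similarity threshold are assumptions to adjust for your organization.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from urllib.parse import urlparse

TRUSTED = {"example-bank.com"}  # assumption: domains your staff really deal with
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".docm", ".html")  # assumption
URGENT = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)

def lookalike(host):
    """Return the trusted domain that host closely imitates, or None."""
    host = re.sub(r"^www\.", "", host.lower())
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None  # the real domain, or a subdomain of it
    for good in TRUSTED:
        if SequenceMatcher(None, host, good).ratio() >= 0.85:
            return good  # a close spelling, e.g. one swapped character
    return None

def red_flags(raw, recipient):
    """List the red flags found in one raw email addressed to recipient."""
    msg, flags, body = message_from_string(raw), [], ""
    if recipient.lower() not in (msg.get("To") or "").lower():
        flags.append("To line is not your normal address")
    if (msg.get("Subject") or "").lower().startswith("re:") and not msg.get("In-Reply-To"):
        flags.append("looks like a reply to something never sent")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            flags.append(f"suspicious attachment type: {name}")
        elif part.get_content_maintype() == "text" and not name:
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if lookalike(host):
            flags.append(f"link host {host} imitates {lookalike(host)}")
    if URGENT.search(body):
        flags.append("urgent call to action")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """\
From: Accounts <billing@examp1e-bank.com>
To: undisclosed-recipients:;
Subject: Re: Your invoice
Content-Type: text/plain; charset=utf-8

Your account is suspended. Verify immediately at http://www.examp1e-bank.com/login
"""
print(red_flags(SAMPLE, "jane@yourcompany.example"))
```

An empty list only means none of these particular checks fired; the sender identity and unexpected-attachment flags still need a person's judgment.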
The IT Radix team can share with your team more in-depth training on how to avoid such phishing emails and more. After training them, we can follow up with those employees with your own “fake” phishing emails to see how they react in “almost” real conditions to such attempts to access your network and steal data. These phishing tests have proven very valuable in helping clients reduce their risks, raise awareness and improve their overall network and data security.
Reach out to us to discuss how we can help your staff learn how to avoid being caught on a bad phishing lure!