Spotted! Top 5 tips for seeing through phishing scams

November 9, 2017

In today’s bring-your-own-device (BYOD) world, cybersecurity is a very tall task. In fact, a report from March of this year showed that an estimated 390,000 new malware programs are created every day. In the face of this constantly evolving threat landscape, the question of how companies can avoid malware comes up quite often. The answer is a lot simpler than most people believe.

An August 2016 study by Malwarebytes revealed that nearly 40% of businesses had experienced a ransomware attack in the past year, and that 46% of all successful ransomware attacks originated from email. In addition to implementing technical solutions like configuring anti-spam for email servers, providing employees with security awareness training around how to identify malware and phishing attempts will make your organization much more resilient. Here are our top 5 best practices for spotting malicious email.

Pay extra attention to email with attachments

Ransomware distributors will commonly try to deliver their malware payload by tricking people into opening an attached document named something innocuous like “Invoice” or “Resume.” As with the infamous Trojan horse, when you open an attachment, you also expose yourself to any malicious content hidden inside. To protect yourself, follow this general rule of thumb: If you were not expecting an attachment, don’t open it.

Don’t click on links

In addition to attachments, fake links are a common method of delivering malware to a user’s computer. Fortunately, these are quite easy to spot. By hovering your mouse over a link or image (but not clicking it), you can see where the link is really trying to send you. If the domain in the link does not match that of a trusted site, don’t click.

Beware of urgent language

Let’s face it, fear sells. With this in mind, malware emails will often contain threatening or urgent language to get you to act without thinking. Examples include claiming that you owe money by a quickly approaching deadline or stating that your account has been compromised. If you receive an email like this, don’t click any of the links it contains—instead, open your web browser, go to the website that the email claims to be representing and log in to verify the veracity of the information.

Check the sender

Spoofing—a method of faking an email’s “From” field—is a common technique used by today’s scammers. Just because an email appears to have been sent by someone you trust, this does not mean the message actually came from that individual. To determine whether an email originated from its purported source, you can check the information in the email header (metadata behind an email). This may be a bit complicated for most users, so we advise consulting your IT department if you suspect an email is spoofed. You can also sometimes use a simpler method of hovering over the “from” address and seeing if the text box popup matches the domain your sender is from. Usually, with a phishing scam, it will be a long, nonsensical email address.
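
The two checks described above (comparing a link's visible text with where it really points, and reading the header behind the "From" field) can be scripted by an IT team. The Python below is an added example, not part of the original article; the sample message, its domains and the function names are constructed for illustration, and Authentication-Results is the standard header in which a receiving mail server records SPF, DKIM and DMARC outcomes.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def domain_of(value):  # domain part of an address header, lower-cased
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):
    """Collect [href, visible text] per <a>: hover target vs. what you read."""
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data

def review_email(raw):
    """Return findings worth a second look; a mismatch is a lead, not proof."""
    msg, findings = message_from_string(raw), []
    from_dom = domain_of(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    auth = (msg["Authentication-Results"] or "").lower()
    findings += [f"{c} did not pass" for c in re.findall(r"\b(spf|dkim|dmarc)=(?:fail|softfail)\b", auth)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = re.search(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        target = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
        if shown and target and shown.group(1) != target:
            findings.append(f"link shows {shown.group(1)} but goes to {target}")
    return findings

# Constructed sample message using reserved example domains, not a real e-mail.
SAMPLE = ("From: Accounts Team <billing@trusted.example>\n"
          "Return-Path: <bounce@mailer.example.net>\n"
          "Authentication-Results: mx.recipient.example; spf=fail; dmarc=fail\n\n"
          '<a href="http://login.example.net/verify">www.trusted.example</a>\n')
```

A differing Return-Path is common for legitimate mail sent through third-party services, so weigh it together with the authentication results rather than on its own.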

Look for grammar and spelling errors

Malware and phishing compose a global industry, and this makes it possible to identify fraudulent emails simply based on their wording. People tend to review legitimate business emails to correct mistakes before sending, so the presence of simple errors can be a great tip-off that something isn’t right.

Ultimately, spotting malicious emails is a matter of diligence and awareness. To protect yourself and your employer, it’s important to understand what a scam email looks like and how to avoid falling victim to the tricks outlined above. Be critical of every email you receive, and if in doubt, consult your IT department or MSP. That’s why we’re here! Remember, it only takes one click to infect a network and cause thousands of dollars in damage.

We're Integris. We're always working to empower people through technology.
