Emails originating from unknown or unfamiliar senders are a red flag for phishing email scams, which have become increasing hard to catch. Unfortunately, scammers are becoming more sophisticated, sending emails that appear to be from a known contact. Employees need to be extra cautious when dealing with emails as to not expose themselves and their companies to attackers with phishing email scams.
Here are some ways to avoid falling for a phishing attack:
- When you are opening an email, always click on the sender’s email to check the email address the email actually came from. Attackers are able to spoof the name so it appears to be sent from a contact you would expect to receive an email from. Look very closely at the email. Sometimes, attackers will change one letter or number so it appears that it is the email address you would expect.
- The next item that should be check is the salutation. How do they address you in the email? Do they refer to you the way the contact would normally address you? If don’t use your name and use, “Dear Sir or Ma’am”, “Dear Customer” or anything out of the ordinary, it is likely fake. In the following example, you can see that Devin has used Dear Ashley, however whenever Devin sends internal emails he starts right into the body of an email, and does include a salutation, making this email suspicious.
- If the email requires you to sign into anything, DO NOT DO IT. This will likely prove to be a way hackers will get into your systems. If you think it could possibly be legitimate, reach out to the sender and check to see if they sent it over.
- If you see links in the email DO NOT click on them. Clicking on a link could allow attackers into your network. You should hover over the link to see if it seems legitimate. If there are multiple links and by hovering you discover that they are all the same URL, you can assume it is a phishing email.
- Check the footer. Did the sender use their normal email signature? Is there info missing from the signature? If there is no signature or if the signature is missing information, it is likely a phishing attack.
- Lastly, if you have a bad feeling about an email, just play it safe and call the contact you believe sent it and check. It is always better to be safe than sorry.
Interested in Security Awareness Training or Lunch’n’Learns with our team to help educate your employees on the vulnerabilities of emails? Reach out to us at firstname.lastname@example.org to request information.