The growth of phishing attacks in both frequency and sophistication poses a significant threat to organizations of all sizes. It’s crucial that companies know how to detect some of the most common phishing scams if they are to protect their corporate information. Listed below are 6 things to watch out for in a phishing attack.
You may recognize the first and last name of the sender, but it’s very important to proceed with caution, as deception is at the heart of every phishing attempt. Be sure to match the first and last name to the email address. Even if they match, look but don’t click!
[This is an ergent email! We have importent info on your bank acc. here.] (See what we did there?) Attackers are a lot less concerned with being grammatically correct than a normal, trusted sender would be. Be on high alert when you discover common English words that are misspelled!
Now, this has so many red flags, you’d think we were playing a game of minesweeper! It’s safe to say that no legitimate organization will ask for personal details or sensitive information over email. No ifs, ands or buts.
A lot of phishing attempts will try to fool you by creating a sense of urgency or emergency. [So-and-so needs $200 from you today to collect their million-dollar reward that they promise to split with you!] For real!? This has scam written all over it.
The attacker will commonly include an attachment with a juicy title, encouraging you to click, download and open the file. More often than not, this attachment is not what you think it is. (Unless you think it’s malware, then yes, it is what you think it is!)
Believe us when we say your SOC would much rather be bugged with your concerns about an email than have the entire organization put at risk. Tenfold.
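For mail administrators and SOC analysts, the checks above can also be run as a quick triage script over a reported message. The following is an added example, not Secure Sense's own tooling; the word lists, addresses and sample messages are constructed, and the name-matching rule is a simple heuristic assumed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed word lists (assumptions for this sketch; tune them to your own mail flow).
MISSPELLINGS = {"ergent", "importent"}  # the two typos used in the article's example
SENSITIVE = ("password", "card number", "bank account")
URGENCY = {"urgent", "immediately", "today"}

def phishing_flags(raw: str) -> list[str]:
    """Return the red flags found in one raw email message, in checklist order."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # 1. Does the sender's name match the address? Heuristic (an assumption):
    #    at least one part of the display name should appear in the mailbox name.
    name, addr = parseaddr(str(msg.get("From", "")))
    local = addr.partition("@")[0].lower()
    parts = re.findall(r"[a-z]+", name.lower())
    if parts and not any(p in local for p in parts):
        flags.append("sender-name-mismatch")
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " "
            + (body.get_content() if body else "")).lower()
    words = set(re.findall(r"[a-z]+", text))
    if words & MISSPELLINGS:                 # 2. misspelled common words
        flags.append("misspelling")
    if any(p in text for p in SENSITIVE):    # 3. asks for sensitive details
        flags.append("sensitive-info-request")
    if words & URGENCY:                      # 4. manufactured urgency
        flags.append("urgency")
    for part in msg.iter_attachments():      # 5. attachments: list them, never open
        flags.append(f"attachment:{part.get_filename()}")
    return flags

def make_email(sender, subject, body, attachment=None) -> str:
    """Build a constructed test message (no real mail is used)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    suspicious = make_email('"Jane Doe" <billing-alerts@mail.example>',
                            "This is an ergent email!",
                            "We have importent info on your bank acc. "
                            "Reply today with your password.", "invoice.zip")
    print(phishing_flags(suspicious))  # 6. anything listed here goes to the SOC
```

A message that raises no flags is not proven safe; the script only orders the obvious indicators so a reported email can be triaged faster.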
By following this 6-step guide, organizations of all sizes should be able to identify a phishy email more quickly. However, that doesn’t mean some won’t slip through the cracks.
Offering security awareness training is the most effective method of keeping your organization safe! It’s more important now, as phishing attempts are constantly adapting to new forms and tricky techniques! Lucky for you, we offer effective security training programs. Reach out to get more information here.
After all, one significant cybersecurity incident, like a ransomware attack, will cost the organization far more than a managed phishing testing and cybersecurity awareness program.
Don’t forget to register for our 4th annual Camp Secure Sense here. Camp Secure Sense is geared towards helping Canadian IT Security professionals improve their security practices, and better protect their organization.