When it comes to phishing attacks, bait often comes in the form of a compelling email. Therefore, anti-phishing awareness is vital, both at home and at the office.
Why?
According to the FBI, phishing is by far the most preferred form of attack by cybercriminals. In that year alone, 6.95 million completely new scam and phishing pages were generated online.
The biggest targets were the technology, finance, and retail sectors, and the most common email service used was Gmail.
This all coincides with the move to remote work, with 81% of organizations around the world experiencing an increase in phishing attacks. So, it's easy to see why it is the primary security concern for as many as 90% of IT professionals.
And the weakest link? Humans.
Help your team adopt the anti-phishing mindset and keep a lookout for the following traps to avoid a costly attack at the office.
You will probably receive an abundance of emails from other professionals at the office. True professionals will have a domain email.
Those with an established business are not likely to use Gmail as their email provider. If an email from a Gmail address does land in your inbox, you should automatically proceed with caution. As previously mentioned, this is the most common service used for phishing emails.
However, sophisticated cybercriminals already know this. So, in order to avoid being detected, they will mimic the organization they're posing as.
This happened to Microsoft just last year. Hackers engaged in an active phishing campaign, using a combination of "legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."
If you're ever in doubt whether a true professional is contacting you, double-check by doing a simple Google search of the company, and you'll be able to find the proper email addresses.
If you are the recipient of a marketing email to which you never subscribed, there is a high chance you're the target of a phishing email.
If that quick Google search didn't come up with any contact emails, you can always follow up over the phone with the sender, just to be sure.
Incorrect spelling and grammar are some of the most common signs that you've received a phishing email. This is especially true with domain names.
Phishing emails typically direct you through to a fake domain for the purpose of stealing your sensitive information.
To be effective, they need to replicate the web domain of the organization they're imitating.
Since the domain they're trying to duplicate is already taken, they need to come up with a fake domain, and so subtle changes are made to the URL. Often, very similar characters are used in the spelling to throw the unsuspecting user off.
Let's take Google as an example. Instead of https://www.google.com/, you might see something along the lines of: https://www.go0gle.com/. Upon closer inspection, it's pretty easy to spot, isn't it?
How about: https://www.googIe.com/? We've replaced the lower case L with a capital I, and most people wouldn't be able to tell the difference in the address bar.
See how easy it is to trip up? While it's great to have your eyes and ears open at all times, it takes just one click for businesses to fall prey to a phishing attack. So to ensure maximum safety, it's crucial to invest in reliable anti-phishing software. Preferably something that extends beyond email, protecting your cloud applications as well.
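The character swaps shown above can also be checked automatically. The following Python sketch is an added example, not code from any particular anti-phishing product. It goes slightly beyond the two Google examples by also catching a single added, dropped or changed character, and its domain list, character table and "last two labels" shortcut are assumptions made for illustration.

```python
# Added example: flag lookalike domains such as go0gle.com or googIe.com.
from urllib.parse import urlsplit

# Domains you expect to deal with (constructed sample list).
PROTECTED = {"google.com", "microsoft.com"}
# Visually similar characters mapped to one canonical form (small sample).
CONFUSABLES = {"0": "o", "1": "l", "I": "l", "|": "l"}


def skeleton(domain: str) -> str:
    """Collapse lookalike characters so go0gle.com and googIe.com match google.com."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in domain).lower()
    return mapped.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one added, dropped or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str):
    """Return ('ok' | 'lookalike' | 'unknown', matched protected domain or None)."""
    # Use netloc, not .hostname: .hostname lowercases and would hide a capital I.
    host = urlsplit(url).netloc.rsplit("@", 1)[-1].split(":")[0]
    base = ".".join(host.split(".")[-2:])  # naive "last two labels" (assumption)
    if base.lower() in PROTECTED:
        return ("ok", base.lower())
    for good in sorted(PROTECTED):
        if skeleton(base) == skeleton(good) or edit_distance(base.lower(), good) == 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ("https://www.google.com/", "https://www.go0gle.com/",
              "https://www.googIe.com/", "https://example.org/"):
        print(u, check_url(u))
```

An "unknown" result only means the domain is not close to anything on the list; it says nothing about whether the site is safe.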
Scammers love to send malicious attachments in emails, so if you see file formats such as .EXE or .SCR, you should think twice and double-check the source prior to opening.
As more people catch on to their fraudulent ways, cybercriminals have evolved their techniques and loaded PDF files with malware.
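The sender signs described earlier (a free-mail address behind a corporate-looking display name) and the attachment signs above can be checked together on a raw message. This Python sketch is an added example, not part of any specific mail filter; the sample message, the brand table and the warning codes are constructed for illustration.

```python
# Added example: triage a message for the sender and attachment signs above.
import email
import re
from email.utils import parseaddr

FREEMAIL = {"gmail.com"}                 # free-mail domains to treat with caution
BRANDS = {"microsoft": "microsoft.com"}  # display-name keyword -> expected domain (assumed)
RISKY_EXT = (".exe", ".scr")             # executable extensions named in the article

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "Microsoft security@microsoft.com" <acct.notice@gmail.com>
To: user@example.com
Subject: Action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.scr"

AAAA
--b1--
"""


def triage(raw: str) -> list:
    """Return a list of warning codes for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    for word, expected in BRANDS.items():
        if word in display.lower() and domain != expected:
            findings.append("display-name-brand-mismatch")
    shown = re.search(r"[\w.+-]+@([\w.-]+\.\w+)", display)
    if shown and shown.group(1).lower() != domain:
        findings.append("display-name-shows-other-address")
    if domain in FREEMAIL:
        findings.append("freemail-sender")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):  # also catches double extensions like .pdf.scr
            findings.append("risky-attachment:" + name)
    return findings
```

PDF attachments are deliberately not flagged by extension here, since a malicious PDF looks the same as a legitimate one by name; those still need the source double-checked.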
We've all been warned about receiving emails from unknown senders. Still, there is also the possibility of your friends, family members, and co-workers getting their emails hacked and sending out phishing emails to their email list.
So, how can you know?
If an email from someone you know has a different tone than usual, or contains random links, unusual file extensions, a blurred-out document with a link to view it, or an urgent push to take a certain action, be sure to call them and make sure they haven't been hacked.
Some cybercriminals have made the shift from sending mass emails out to targeting particular employees by posing as company CEOs. Otherwise known as spear phishing, these emails are carefully curated, asking the recipient to carry out specific tasks.
These emails are sent in the hope that employees don't question the odd requests because they're coming from someone in management or even the CEO, but that is precisely what you need to do.
If you're asked to pay an invoice or send over personal information, contact the person in question to ensure the email is legit.
Staying ahead of tech-savvy cybercriminals is no easy task, especially if you're not an IT expert. However, making sure that both you and your co-workers are informed and know the key indicators of these attacks is a great start to an efficient anti-phishing strategy.
But it takes just one slip-up from one employee for a business to potentially crumble. That's why it is imperative to invest in effective anti-phishing software.