7 Telltale Signs of a Potential Phishing Email
When a phishing email goes beyond the solution deployed by the company to protect against phishing, the recipient's ability to identify such emails is the last line of defence against a cyber attack. It is therefore important to educate employees on how to spot a phishing email to reduce the risk of security breaches.
Below are some telltale signs of a potential phishing email:
#1 Look out for email from unknown source asking to take urgent action
Engineered emails insisting on urgent actions do so to fluster or distract the target. Usually this type of email threatens a negative consequence if the action is not taken, and targets are keen to avoid the negative consequences such that they fail to scan the email for inconsistencies or indications that it may be bogus.
#2 Check for inconsistency in the sender's email address
One of the best practices for email security is the random checking of senders’ email addresses – especially when an email address of a regular contact appears unfamiliar. By checking the sender's email address against previous emails received from the same person, it is possible to detect inconsistencies.
#3 Check for suspicious link(s) within the email
Links to malicious websites can easily be disguised as genuine links. It is advisable to encourage employees to hover the mouse pointer over a link in an email to see what address 'pops up'.
#4 Be wary of suspicious attachments
File sharing in the workplace now mostly takes place via collaboration tools. Emails from colleagues with file attachments should be treated with caution – especially if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
#5 Emails that seem too good to be true
Emails that seem too good to be true incentivise targets to click on a link or open an attachment with the promise that they will benefit by doing so.
#6 Emails requesting for sensitive information
Emails requesting login credentials, payment information or other sensitive information should always be treated with caution.
#7 Look for the “s” in https://website.com
Some websites start with http:// and others with https://. The “s” in the latter stands for secure and will show a little lock icon next to it. Those websites are safest for browsing and purchasing. Stick to secure websites whenever possible.
TÜV SÜD act as MSSP of Cofense and enable the targeted simulation of phishing tests with subsequent evaluation and assessment of the risk. Learn how we can support you in protecting against phishing attacks with Simulated Phishing Attacks Service here.
Watch our on-demand webinar
KNOW HOW TO PROTECT YOUR COMPANY AND EMPLOYEES FROM PHISHING ATTACKS
TÜV SÜD’s free on-demand webinar will help you understand the actual phishing threat landscape through recent examples and share how organisations & employees can detect and protect themselves against Phishing Attacks:
• Phishing Threat landscape
• The human factor
• Most common Phishing attacks
• How to detect Phishing attacks
• How to protect against Phishing
• Phishing Simulations for employees
• Live demonstration of simulated Phishing attacks
Read more about how organisations and users like you, can configure and utilise video conferencing services securely.
Bosnia and Herzegovina