Are You Aware of Common Phishing Features?

Here are some Best Practices and Tips.

Phishing is a cybercrime in which a target or targets are contacted, typically by email, by someone posing as a legitimate individual (CEO or manager) or institution. These emails typically include a call to action, such as requesting your information or asking you to complete a task.

Signs of Phishing Attempts

  • Emails insisting on urgent action – the urgency is meant to fluster or distract the target. Such emails usually threaten a negative consequence if the action is not taken, so that the victim does not stop to study the email for indications that it may be bogus.
  • Emails containing spelling mistakes – emails claiming to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.
  • Emails with an unfamiliar greeting – emails containing language not often used by friends and work colleagues likely originate from an attacker and should not be actioned or replied to.
  • Inconsistencies in email addresses – look to detect inconsistencies between the sender’s email address and previous emails received from the same person.
  • Inconsistencies in links and domain names – links to malicious websites can easily be disguised as genuine links.
    • Hover your mouse pointer over a link in an email to see the actual address it points to before clicking on it.
  • Be wary of suspicious attachments – file sharing in the workplace now mostly takes place via collaboration tools such as Dropbox, OneDrive, or SharePoint, so an email from a colleague that carries a file attachment is unusual and should be treated with suspicion.
    • Be extra cautious of unfamiliar extensions or ones commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
  • Emails that seem too good to be true – these incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so.
  • Emails requesting login credentials, payment information, or other sensitive information – should always be treated with caution. By adopting the anti-phishing practices listed above, recipients should be able to determine whether these messages should be treated as a threat and be able to deal with them accordingly.
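As an added example (not part of the original page), the following Python script applies two of the signs above to a raw email: the hover check, by comparing the address shown in a link's text with the address the link actually points to, and the attachment check, by flagging the extensions listed above. The sample message it runs on is constructed for illustration and uses placeholder domains.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".zip", ".exe", ".scr")  # the extensions the page calls out
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<"]+', re.I)

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def phishing_signals(raw):
    # Returns a list of signals found in a raw RFC 822 message; empty means none.
    msg = email.message_from_string(raw, policy=policy.default)
    signals = []
    # 1. Link whose visible text names one host while the href (what hovering
    #    over the link reveals) points somewhere else.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    for href, label in ANCHOR_RE.findall(body):
        shown = URL_RE.search(label)
        if shown and host_of(shown.group()) != host_of(href):
            signals.append(f"link shows {host_of(shown.group())} but points to {host_of(href)}")
    # 2. Attachments with extensions commonly used to deliver malware payloads.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            signals.append(f"risky attachment: {name}")
    return signals

# Constructed sample (not a real email): HTML body with a disguised link and a zip attachment.
SAMPLE = """From: IT Helpdesk <helpdesk@example.com>
Subject: Action required today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Verify now: <a href="http://example-login.net/v">https://portal.example.com</a></p>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

(zip bytes omitted)
--b1--
"""
```

Running `phishing_signals(SAMPLE)` reports the disguised link and the .zip attachment; a plain message with no links or attachments returns an empty list.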

How can you avoid these threats?

  • Stay informed about phishing techniques – new phishing scams are being developed all the time, making it easy to fall prey to one.
  • Think before you click – clicking on links that appear in random emails isn’t a smart move.
  • Verify a site’s security – make sure the site’s URL begins with “https” and that a closed lock icon appears near the address bar, and check the site’s security certificate as well. Keep in mind that the lock only shows the connection is encrypted, not that the site is genuine, so the domain name still needs to be checked.
  • Check your online accounts regularly – get into the habit of checking in with each of your online accounts on a regular basis.
  • Keep your browser up to date – stop ignoring browser updates; the minute one is available, download and install it.
  • Be wary of pop-ups – pop-up windows often masquerade as legitimate components of a website.
  • Never give out personal information – as a general rule, never share personal or financially sensitive information over the Internet or via email.
  • Confer with co-workers and employees – discuss how you typically communicate, including what you would not do.

What to Do if You Receive a Phishing Email

  • Take a screenshot or verify legitimacy with your co-workers / manager
  • Delete the email
  • DO NOT…
    • Forward the email
    • Reply to the email
    • Download attachments or click through links

Examples of Phishing Emails