Phishing emails, texts and phone calls try to trick you into visiting a malicious website, handing over a password, or downloading a file. This works in email attacks because people often spend the whole day at work clicking on links and downloading files as part of their jobs. Hackers know this and try to take advantage of your habit of clicking without thinking.
Number one defense: PAUSE BEFORE CLICKING
- Look at the “from” field. Is the person or business’s name spelled correctly, and does the email address actually match the name of the sender? Or are there a bunch of random characters in the email address instead?
- While we’re at it, does the email address seem close, but a little off? E.g. Microsft.net, or Microsoft.co.
- Hover your mouse over any links in the email to see the true URLs they will send you to. Do they look legitimate? Remember, do not click!
- Check the greeting. Does the sender address you by name? “Customer” or “Sir” would be red flags.
- Read the email closely. Is it generally free from spelling errors or odd grammar?
- Think about the tone of the message. Is it overly urgent or trying to get you to do something you normally wouldn’t?
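The "from" and link checks in the list above can also be run automatically, for example in a mail triage script. The sketch below is an added example and not part of the original article; the TRUSTED table, the 0.85 similarity threshold and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft": "microsoft.com"}  # assumption: brands you really deal with

def check_domain(domain):
    """Warn if the last two labels of a domain imitate a trusted brand."""
    parts = (domain or "").lower().split(".")
    label, reg = parts[-2] if len(parts) > 1 else "", ".".join(parts[-2:])
    for brand, real in TRUSTED.items():
        if reg != real and SequenceMatcher(None, label, brand).ratio() >= 0.85:
            return f"{reg} imitates {real}"
    return None

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def check_email(raw):  # returns a list of warning strings
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = [("From", check_domain(sender))]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        # Compare where the link really goes with what its text displays.
        target, shown = urlparse(href).hostname, urlparse(text).hostname
        findings.append(("Link", check_domain(target)))
        if shown and shown != target:
            findings.append(("Link", f"text shows {shown} but goes to {target}"))
    return [f"{where}: {warning}" for where, warning in findings if warning]

SAMPLE = """From: "Microsoft Support" <help@microsft.net>

<a href="http://login.microsoft.co/verify">https://www.microsoft.com/account</a>
"""  # constructed sample message, not a real email
```

Calling check_email(SAMPLE) returns three warnings: the misspelled sender domain, the wrong ending on the link's domain, and the mismatch between the link text and its real destination.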
Even if an email passes the initial test outlined above, it could still be a trap. A spear-phishing email might include your name, use more polished language and seem specific to you. It’s just plain harder to notice. Then there are targeted phone calls, in which someone calls you and tries to manipulate you into handing over information or visiting a malicious website.
Beat phishing by calling the sender and locking down your personal and business information. Deploy MFA to your user base to help protect data, even if they do click.
Employee oversight due to lack of training is the number one way hackers gain access to your company’s data. Regular security training is imperative to mitigate these threats.