Train your employees continually to recognise phishing
I’ve spoken many times about what to look out for to avoid being ‘phished’. Importantly, this time of year you need to be extra vigilant, and this is just a little reminder what you and your employees can do as the first line of defence to help protect your business from phishing emails.
1. What is Phishing?
Phishing is a type of fraud whereby a hacker attempts to gather personal information. They do this by impersonating a legitimate source or by sending users to a malicious web site.
2. The sender of that email may look legitimate.
Your employees should never trust an email based simply on the suggested source e.g your bank or your company. Therefore, always certainly be on your guard.
3. Subject lines are used to lure people in.
Cyber criminals will do whatever it takes to get people open their emails. As a result they will often use particular language in subject lines that urge immediate action therefore evoking a sense of urgency and panic, or maybe curiosity e.g. ‘You must read this email now or your account will be blocked’ or ‘We are giving away 100 i-phones to the first 100 people’.
4. Impersonal greetings are a red flag.
Phishing emails are often sent to many people at once, therefore they usually lack personal greetings. Furthermore, your employees should be cautious of terms like ‘customer’ or ’employee’ especially if the email is asking for personal information.
5. It;s important to notice grammatical and stylistic errors.
Above all employees need to read their emails carefully but if they haven’t got the time to read to do this advise them to leave it for when they do. Many phishing attacks come from other countries, this results in an abundance of grammar and stylistic errors. Therefore, if an email from a supposedly reputable company has spelling and grammar issues, it is probably a scam.
6. It is important to check the link destination within the emails and the sender address
Make sure your employees hover over all links in the email before clicking them. Likewise, it is also good practice to hover over the senders address to see if that looks legitimate. Websites that end in alternative domain names to .co.uk, .com or .org you should to be cautious of.
7. Emails demanding “immediate action” are probably scams.
Potential email scams can have an aggressive tone or claim that immediate action must be taken. Consequently, this technique is often used to scare people into giving up confidential information.
8. Don’t rely on images or logos.
Almost all mages can be downloaded or easily replicated. Similarly, brand logos and trademarks are no guarantee that an email is real. In addition, anti-virus badges can also be inserted into emails to persuade victims into thinking there is no real threat. None of these add any actual legitimacy to an email.
Finally, the security landscape is constantly changing, and as such employees need to be continuously trained and kept on their toes. Furthermore, increased investment in employee training can reduce the risk of a cyber attacked 45 to 70 percent.
To find out more information on how we can provide continuous Security Awareness Training for your business please contact us here or call 0845 094 0010.