Let’s Go Phishing!

Raise your hand if your email inbox gets more junk email than you can stand! I absolutely feel your pain with that one. With the sheer volume of email these days, it is easy to skim a message and click on something, only to realize too late that it was not legitimate.

Industry reports regularly attribute around 90 percent of data breaches to a phishing email somewhere in the attack chain. A phishing email is a fraudulent message whose sender has done their best to make it look trustworthy: borrowed company logos, a subject line that fits your real business, urgency or scare tactics, and so on. The goal is to get you to click a link or open an attachment. The link often leads to a fake login page that harvests your password, or the link or attachment quietly installs malicious software that lets criminals steal information, gain a foothold in your organization’s network, or enlist your device in a botnet.

The best defense against phishing emails is knowing how to spot them! Here are five quick checks to run before you click on, or download, anything.

  1. Who’s the real sender? Check the From address, not just the display name: make sure the business name shown matches the address between the angle brackets, and that the domain after the @ is the one you expect. Anyone can type any name into the display field, and attackers register lookalike domains that swap similar-looking characters (think goog!e.com, or the digit 1 in place of the letter l). Your mail provider’s sender checks (SPF, DKIM, DMARC) catch many outright forgeries, but a lookalike domain passes them because the attacker genuinely owns it, so the typo check is still on you.
  2. Check the salutation. If you already do business with a company, most of its correspondence will address you by name. Emails that begin with “Dear Customer” or “Dear Sir/Madam” are a red flag. The reverse is not a guarantee, though: targeted (spear-phishing) emails often use your name and job title, gathered from social media or earlier breaches.
  3. Hover before you click. If the email contains a link the sender wants you to follow, hover your mouse pointer over it (on a phone, press and hold) to reveal the full URL it actually points to. Compare that with the text of the link: the visible text can read like a legitimate web address while the real destination is somewhere else entirely. If the email has more than one link, hover over all of them; when every link, including “Unsubscribe” and “Privacy Policy”, goes to the same address, that is another clear sign of phishing.
  4. Look at the footer. Most legitimate business emails carry a footer with the company’s physical address and an unsubscribe link. If one, or both, are missing, the email is most likely fake. A footer that is present proves little, since attackers copy them from real emails, but a missing one is telling.
  5. When in doubt, just delete. If you have gone through the four checks above and are still skeptical, delete the email! If it was genuine, the sender will contact you again, most likely through other means. You can also contact the sender yourself by phone, text, or a completely new email, using contact details from the company’s official website or your own records rather than from the suspicious message. Never reply to the questionable email itself, as someone may be monitoring that mailbox and will happily answer your reply. Always start a separate thread. If the email arrived at work, forward it to your IT or security team before deleting it so they can block the sender for everyone else.
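The first three checks can be automated for a first-pass triage. The script below is an added example written for this page, not MindSpout’s code, and uses only Python’s standard library. The sample message, the list of generic salutations and the lookalike-character table are constructed for the example and are assumptions, not data from the post. It flags a display name whose brand word matches the sending domain only once lookalike characters are folded (goog1e becomes google), a generic opening line, link text that names one host while the href points to another, and a set of links that all resolve to the same host.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample for this example: display name says Google, the address
# uses a lookalike domain (digit 1 for the letter l), the body opens with a
# generic salutation, the visible link text claims to be accounts.google.com,
# and every link goes to the same host.
SAMPLE_EMAIL = """\
From: Google Security <no-reply@goog1e-accounts.com>
To: victim@example.com
Subject: Unusual sign-in attempt detected
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Verify your account now:
<a href="http://goog1e-accounts.com/verify?id=1">https://accounts.google.com/verify</a></p>
<p><a href="http://goog1e-accounts.com/unsub">Unsubscribe</a></p>
</body></html>
"""

GENERIC_SALUTATIONS = ("dear customer", "dear sir/madam", "dear user", "dear member")

# Illustrative lookalike substitutions (an assumption, not an exhaustive list).
LOOKALIKES = (("0", "o"), ("1", "l"), ("!", "i"), ("3", "e"), ("5", "s"), ("rn", "m"))


def normalize_domain(domain):
    """Fold lookalike characters so goog1e.com and goog!e.com both read google.com."""
    d = domain.lower()
    for fake, real in LOOKALIKES:
        d = d.replace(fake, real)
    return d


def check_sender(from_header):
    """Check 1: does the display name match the address between the brackets?"""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not domain:
        return ["From header has no usable address"]
    words = [w.lower() for w in re.findall(r"[A-Za-z]{4,}", display)]
    normalized = normalize_domain(domain)
    for word in words:
        # The brand word appears only after lookalikes are folded: goog1e -> google.
        if word in normalized and word not in domain:
            return [f"'{word}' in display name is spelled with lookalike characters in {domain}"]
    if words and not any(w in domain for w in words):
        return [f"display name '{display}' does not match sending domain {domain}"]
    return []


def check_salutation(text):
    """Check 2: does the body open with a generic greeting?"""
    opening = text.strip().lower()[:200]
    return [f"generic salutation: '{s}'" for s in GENERIC_SALUTATIONS if s in opening]


class BodyParser(HTMLParser):
    """Collect visible text plus (href, link text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._link_text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._link_text = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._link_text).strip()))
            self._href = None


def check_links(links):
    """Check 3: where does each link really go, and do they all go to one place?"""
    warnings, hosts = [], set()
    for href, text in links:
        host = (urlparse(href).hostname or "").lower()
        hosts.add(host)
        if re.match(r"https?://", text, re.I):
            shown = (urlparse(text).hostname or "").lower()
            if shown != host:
                warnings.append(f"link text shows {shown} but points to {host}")
    if len(links) > 1 and len(hosts) == 1:
        warnings.append(f"all {len(links)} links point to the same host: {hosts.pop()}")
    return warnings


def triage(raw_message):
    """Run all three checks on a raw RFC 822 message and return the warnings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = BodyParser()
    parser.feed(body.get_content() if body is not None else "")
    return (check_sender(str(msg.get("From", "")))
            + check_salutation(" ".join(parser.text))
            + check_links(parser.links))


if __name__ == "__main__":
    for warning in triage(SAMPLE_EMAIL):
        print("WARNING:", warning)
```

Run it as a script to see the four warnings the sample triggers, or import it and call triage() on the contents of a saved .eml file. The heuristics are deliberately simple: a digit in a domain proves nothing on its own, which is why the lookalike check only fires when folding the substitution makes the display name’s brand word appear in the domain.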

Cybercriminals are constantly evolving their tactics to evade the defenses set up to stop them. If you, or your organization, have questions about how to stay protected, contact MindSpout. We would love to sit down with you and discuss how we can work together to ensure your protection and success. Contact us at Scott@MindSpout.com or 301.767.7211.

Download Our Cyber Maturity Model Certification Guide