Reading through Microsoft’s latest Security Intelligence Report, you will quickly get the notion that phishing attacks are some of the most prevalent cyberattacks. With businesses forced to use technology to support a remote workforce, this is definitely still relevant information.
It then becomes extremely important that your business does a quality job of training your employees to spot phishing attempts before they become a problem. Let’s take you through some of the telltale signs that you have received a phishing message.
A phishing email often paints a picture of a situation that won’t end well for the reader unless the reader acts immediately. For many people, this is enough to make them click on links and open attachments they have no businesses interacting with. The phishing attack is that much more effective when it seemingly comes from a legitimate source. If the contents of an email don’t sit right with you, and you don’t immediately identify the address it is sent from, it is a phishing attack and needs to be reported to your company’s IT administrator.
Beware of Attachments
Hackers are known to send attachments with their phishing attacks. These attachments, if interacted with, will often disperse malware. This can be completely devastating to a business’s network security. If you don’t immediately recognize the sender of the email, don’t click on any attachments unless you first verify that the message came from a friendly sender.
If you couldn’t tell by the tone and content of the message, the best way to tell if you are dealing with a phishing attack is to check the URLs of the links embedded in the message. If you mouse over any hyperlink, you can quickly check the URL in the status bar. If you don’t recognize it, don’t click on it — and immediately report it to your IT administrator.
Impersonal and Unprofessional
Most marketing emails nowadays are crafted by trained marketers to give the reader the sense of importance. Since a company’s brand means more now than ever, a legitimate marketing message will seem personalized and deliberate. A phishing email staged to look like a marketing email, however, lacks this touch. So if you get an email that looks like a marketing message, but there are grammatical errors and misspellings, or the tone seems desperate, you’re probably being phished.
This isn’t a comprehensive list — there are plenty of other ways to tell that an email is a phishing attempt — but it should help you get your staff in the right mindset to not engage with phishing attacks. Check with your IT department or provider to learn more about phishing and the security measures you can take to keep from becoming a victim.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.