Email phishing is a common tactic used by cybercriminals to obtain confidential or sensitive information from users, or to launch further attacks, including ransomware. Given this, it is important for employees to be trained on email security so they can identify this type of attack. Employees are your first line of defense, and if they’re unaware of the red flags, they can easily fall victim to this type of scam. In this blog, we will touch on a few tell-tale signs your users can use to identify a potential phishing attack so that you can avoid being reeled in.
- Check the email address of the sender
- Phishing emails always ask for sensitive information
- Watch out for attachments or links in the email
Check the email address of the sender
If the email is from an address you don’t recognize, do not open it. Even if the email looks legitimate, it could be a phishing attempt. To check whether an email is from a trusted sender, you can hover (do not click) over the sender’s name to see their email address. If the email address looks suspicious, don’t open the email. Another way to check the sender’s email address is to look for misspellings or unusual characters.
If you’re still not sure whether an email is legitimate, you can contact the sender directly to confirm. Do not use the contact information in the email itself; instead, find the company’s contact information on their official website or the telephone directory, and use that to get in touch.
Phishing emails always ask for sensitive information
Phishing emails always ask for sensitive information such as login credentials or credit card numbers. They may also ask for other personal information, such as your date of birth, TRN, etc. If you receive an email that asks for this type of information, do not respond unless you can confirm it is from a legitimate source. Always be mindful when sharing material of this nature via email, especially when being asked for another person’s sensitive details. With the DPA here, you cannot and most definitely should not take the risk.
Watch out for attachments or links in the email
Phishing emails oftentimes try to get you to click a link or attachment. If an email has an attachment or a link, be cautious before opening it. Attachments and links can contain malware that will infect your computer. If you’re not expecting an attachment from the sender, do not open it. Similar to when verifying the sender, if you’re not sure whether a link is safe, you can hover over the link to see where it would take you if you clicked it. If the link looks suspicious, don’t click it.
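For teams that want to automate the two hover checks described above (the sender's real address and a link's real destination), here is a Python example. It is added for illustration and is not part of the original blog; the trusted domain, the sample message and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example-bank.example"}  # assumption: sender domains your business knows
# Constructed sample message (reserved .example/.test names, not a real email)
SAMPLE = '''From: "Example Bank Support" <support@examp1e-bank.example>
Content-Type: text/html

<a href="http://example-bank.example.account-check.test/reset">https://example-bank.example/reset</a>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data  # reset at each <a>, so text outside links is discarded
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def sender_flags(from_header):
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    flags = ["unusual-characters"] if (not domain.isascii() or "xn--" in domain) else []
    if domain not in TRUSTED:  # near-miss spelling of a domain you do business with
        flags += [f"lookalike-of:{g}" for g in sorted(TRUSTED)
                  if SequenceMatcher(None, domain, g).ratio() >= 0.85]
    return flags

def link_flags(html):
    parser, flags = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        real = (urlparse(href).hostname or "").lower()  # where the click really goes
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and shown.group(1) != real:  # visible text names a different host
            flags.append(f"text-says:{shown.group(1)} goes-to:{real}")
    return flags

def check_message(raw):
    msg = message_from_string(raw)
    return sender_flags(msg["From"] or "") + link_flags(msg.get_payload())
```

Running `check_message(SAMPLE)` flags both the misspelled sender domain and the link whose visible text does not match its destination. The link check compares host names exactly, so a legitimate `www.` prefix would also be flagged for a person to review.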
A rule of thumb is “When in doubt, throw it out!” If you’re not sure whether an email is legitimate, it’s better to delete it than to engage with a potentially malicious email that can allow cybercriminals to wreak havoc on your business. If you have any questions or concerns about email security for your business, leave a comment below or check out our SaaS Essentials to learn how you can protect your business from phishing and other email-based attacks.