We continue our Security Awareness Training by addressing some of the most common challenges for organizations that now have to protect users, data, and clients while workers connect to corporate systems remotely or at the office.
Our focus is to help you better understand what a phishing attack is, what it does, and 5 flags you can use immediately to help identify a phishing attempt, whether at the office or remote. Let’s get started!
What is “Phishing”?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
How can I reduce the risk of falling victim to a phishing attack?
We have listed 5 red flags below to help you identify and reduce the risk of falling victim to an attack.
“Intimidation/Rushing” - if you receive an out-of-the-blue request via email or phone call asking for information, money, or other actions in an “unusually” short period of time, raise a hand and reach out to the appropriate resource prior to responding.
“Small mistakes” - emails with poor grammar, illogically ordered sentences, or very vague headers, e.g. “Hello customer” as opposed to addressing the specific end user. The email “from” address can also be VERY close to yours, e.g. firstname.lastname@example.org (these addresses are designed to look VERY similar to your trusted email addresses; did you notice the “n” and “r”?). Pay attention to sender information and the overall look and feel of emails; if they don’t appear right… pause and raise a hand.
“Requesting forbidden/private information” - this should spark the “something is wrong here” flag; however, these requests can be elaborate and seem valid at first. The question you need to ask yourself is: is this something that I should be giving at all? A common example: the CEO of your company asking for information they should already have, and it will probably be coupled with “rushing” and many of the other flags listed here.
“Requesting opening of an email attachment” - this should immediately raise a flag. When attachments are sent, it is assumed that the content is needed, so if there is pressure or a specific request to open one, it may be malicious. Pay more attention to the name of the attachment, and if it doesn’t feel or look right, then… you should now know what to do: report it to your trusted IT/security resource (don’t open it).
“Spoofed URLs & Hyperlinks” - How do you know if the link actually goes to the resource it claims to? Hover over the link (don’t click) to verify its authenticity, but NEVER just click on these links to find out where they go.
We hope this has been helpful. Please continue to look for our follow-up in the Security Awareness series, with more on recognizing a cybersecurity threat, and more!
PCS Managed Services strives to provide a Stable, Secure, and Productive environment for its clients, and is here to help you! For more information on how we can help better protect your team, please call us or email us at email@example.com.