Microsoft’s latest Security Intelligence Report cites phishing attacks as the most prevalent cyberthreat. With the COVID-19 outbreak pushing large numbers of workers to their own homes, it is almost assuredly still the case. As a result, it is extremely important that you and your staff understand how to spot potential phishing attacks and what to do when confronted with an attack. Today, we will provide you some tips on how to identify and remediate such attacks.
You would think that since millions of phishing attacks are ignored, set to spam, and actively mitigated each month, that there wouldn’t be such a desperate effort to educate people about the signs of phishing attacks, but the fact remains that it only takes one successful phishing attack to compromise an entire workstation, network, or computing infrastructure.
Today, everyone that works for your company will need to be able to spot and report a phishing attack. Doing so can sometimes be extremely difficult if the spammer does his/her homework. Consider using and teaching these tips to keep your business from being a victim of a phishing attack.
One of the first things you need to know about phishing emails is that they almost always push you to take impulsive action. That’s why so many people fall for them each year. They often seem like they are from a legitimate source and are written to deliver fear. If the contents of an email give you an uneasy feeling, and they seem a little out of scope for the sender, chances are it is a scam and should be reported.
Hackers will often send attachments with their phishing attacks. If you are sent a .zip file, and you don’t immediately recognize the sender, do not click on it. In fact, it’s best practice that any email sent with an attachment, if you don’t know exactly what it is, should be verified before being opened.
If you can’t tell by the tone of the content, one telltale sign that you are dealing with a phishing attack is to look at the URLs of the links or the actual email address the message comes from. Hackers will often resort to small changes and redirects to get a recipient into a compromised position. If you hover your cursor over any link, you can see the URL it directs to in the status bar. If it is not a URL you immediately know, you should verify from the sender.
Today’s company is more cognizant of their brand and message than any time in history. If you receive an email that is filled with grammatical errors, misspelled words, and poorly defined sentences, you will want to avoid clicking on anything. Marketers today are trained to make an email as personal as they can. If your email has an impersonal message, chances are it wasn’t sent from a marketer and should be reported.
This may not be a comprehensive list, but by following these tips you will be better prepared to deal with a phishing message. The IT professionals at i-medIT do a lot to drive forward security as an integral part of any IT management policy. To learn more about phishing, call our knowledgeable professionals at i-medIT today at 630-549-6199.