Phishing is a common method cybercriminals use to gain access to a company’s information, servers, and hardware. It often occurs in the form of an email that requests the recipient to perform some action. The email may ask for confidential information about the individual or company, or it may ask the recipient to install a program or open a malicious attachment.
By offering IT security training to your employees and keeping antivirus and detection software updated, you should be able to stop most phishing attacks. But even if your employees are trained in data security protocols, we recommend you regularly remind them of some of the easiest ways to stop phishing attempts. Here are the top 4 red flags we see in suspicious emails.
Suspicious Email Attachments
Does it make sense that the email has an attachment? If it feels out of place based on the topic of the email, be extremely wary – especially if the attachment has a strange extension. Most companies use cloud-based collaboration tools like Dropbox or Google Drive, so it’s usually not necessary for internal emails to contain attachments. Any email claiming to be from a coworker should be inspected thoroughly before you decide to open its attachment.
Poorly Written Emails With Strange Salutations
Most legitimate companies use email programs with built-in spelling and grammar checks. You can assume anyone contacting you from such a company will take advantage of autocorrect and spelling checks. Poor grammar and spelling may be an indicator that a cybercriminal is behind the email. The errors could be due to a lack of oversight, or they could have occurred because the criminal is located in a non-English speaking country.
You should also be on the lookout for strange greetings. Anyone familiar with your industry should know what sorts of salutations are appropriate. Overly formal emails should quickly raise a red flag.
Suspicious Emails Requesting Sensitive Data
Companies rarely request that employees and customers reveal their login information outside of the official website or program, so an email asking you to divulge this sensitive information should be regarded skeptically.
Even when they don’t ask you to respond directly to the email, some phishers will create fake login or payment pages to try to collect information from unsuspecting recipients. They will then link you to their fake page directly from the email. If a company you are familiar with is requesting payment via email, you can always manually navigate to their website instead of clicking on the link.
Inconsistencies in Email Addresses and Names
The sender chooses the display name that appears in your email program, so phishers can put anything they like there. They can even claim the email address belongs to Google or Microsoft so you feel comfortable entering your information into their fake webpage.
It’s a red flag if you receive an email that claims to be from John Doe but hovering your mouse over the name reveals a nonsensical or inconsistent email address. This is usually easy to check for internal emails because all email addresses should have a similar structure – for example, JDoe@companyname.com. If you’ve received emails from this person before, you can also check the email address on old correspondence to make sure the new email is legit.
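The checks in this section (a brand name in the display name, a familiar name on an unfamiliar address, an internal address that breaks the company's naming structure) can also be run automatically over the From: header. The Python below is an added example, not part of the original article; the brand list, the address book and the sample headers are constructed assumptions, and only the JDoe@companyname.com structure comes from the text.

```python
from email.utils import parseaddr

# Assumed values for illustration (not from the article, apart from the
# JDoe@companyname.com address structure it mentions).
INTERNAL_DOMAIN = "companyname.com"
BRAND_DOMAINS = {"google": "google.com", "microsoft": "microsoft.com"}
KNOWN_SENDERS = {"john doe": "jdoe@companyname.com"}  # name -> address on old mail


def from_header_flags(from_header):
    """Return the red flags found in one From: header value."""
    name, addr = parseaddr(from_header)
    name_l, addr_l = name.strip().lower(), addr.lower()
    if "@" not in addr_l:
        return ["sender address could not be parsed"]
    local, domain = addr_l.rsplit("@", 1)
    flags = []

    # Display name claims a well-known brand but the address is on another domain.
    for brand, brand_domain in BRAND_DOMAINS.items():
        on_brand = domain == brand_domain or domain.endswith("." + brand_domain)
        if brand in name_l and not on_brand:
            flags.append(f"name mentions {brand} but domain is {domain}")

    # Same name as an earlier correspondent, different address.
    known = KNOWN_SENDERS.get(name_l)
    if known and known != addr_l:
        flags.append(f"{name} previously wrote from {known}")

    # Internal mail should follow the first-initial + last-name structure.
    parts = name_l.split()
    if domain == INTERNAL_DOMAIN and len(parts) >= 2:
        if local != parts[0][0] + parts[-1]:
            flags.append(f"internal address {addr_l} does not fit name {name}")
    return flags


# Constructed sample headers; the non-company domains are reserved example names.
SAMPLES = [
    "John Doe <jdoe@companyname.com>",
    "John Doe <john.doe.4471@mail.example.net>",
    "Microsoft Account Team <security@account-verify.example>",
    "Jane Roe <xk29q@companyname.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", from_header_flags(header) or "no flags")
```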
If you’re concerned your company may be the target of a phishing attack, contact INTELITECHS for Utah outsourced IT support. We’ll help you identify gaps in your current IT security strategy and manage your antivirus, firewalls, email security, and more.