Are your employees prepared to defend you?

Curious what some phishing emails might look like? Learn about quick ways to avoid clicking on the BAD link.

According to KnowBe4, a leader in cybersecurity awareness training, 90% of data breaches are initiated by phishing attacks and over 30% of phishing emails are opened by their recipient. Human error, more than any other factor, is the leading cause of data breaches. A breach can do great harm to your business through the expense, exposure, and lost productivity that result from it.

Threats come in a variety of forms. Phishing emails contain malicious links and/or attachments that can infect systems with malware, ransomware and adware. Spoof emails appear to come from a trusted source and use a sense of urgency to bait recipients into disclosing sensitive company or personal information.

KnowBe4 offers the following suggestions to avoid falling victim to a phishing attack:

  • Slow down. Carefully read each message. Think before you click.
  • Hover your mouse over, but do not click, embedded links to reveal the actual website.
  • Beware of poor spelling and grammar, along with incorrect and overused punctuation. These are a red flag that the email is probably a phishing attack.
  • Look out for generic greetings, such as “Dear Customer” or “Dear Sir or Madam.” Most legitimate entities will address you by your full name (or username), whereas phishing emails usually opt for generic greetings.
  • Verify the email address and company logos. Scammers can change one single letter in an email address or slightly change a logo to make the email seem real.
  • Never make assumptions, and remain skeptical. Even if an email appears to be from your boss, co-workers or family members, it could still be a scam. Requests for sensitive information or money should immediately raise your suspicions. Offers for free vacations or money from a family member you have never met are likely phishing emails.
  • Phishing emails often come with malware attached. Use extreme caution whenever you receive a random attachment. It is generally best to avoid downloading any attachments unless you are 100% sure they are trustworthy.

Note the indicators of a phishing email in the image below:

  • Email domain (@talawafostering.com) is not related to Dropbox.
  • The logo is not Dropbox’s logo.
  • The greeting is addressed to Dear Sir/Madam.
  • Hovering over the “View Document” link would reveal a site not related to Dropbox.
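The same three checks (sender domain, real link host, generic greeting) can be run automatically over a message. The script below is an added example, not part of the original article or KnowBe4's material; the sample message is constructed, and the brand allow-list, the link host `files.example.net` and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message. The sender domain is the one in the article's example;
# files.example.net is a placeholder link host, not a real indicator.
SAMPLE = """\
From: Dropbox <notice@talawafostering.com>
Subject: A document was shared with you
Content-Type: text/html; charset="utf-8"

<p>Dear Sir/Madam,</p>
<a href="http://files.example.net/view">View Document</a>
"""
BRAND_DOMAINS = {"dropbox": {"dropbox.com"}}  # assumed allow-list per brand
GENERIC_GREETINGS = ("dear sir", "dear madam", "dear customer")

class LinkCollector(HTMLParser):
    """Records the real host behind each <a href>, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlparse(href).hostname or "")

def belongs(host, domains):
    # Exact match or true subdomain; "dropbox.com.example.net" must not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    links = LinkCollector()
    links.feed(body)
    found = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in (name + body).lower():  # message claims this brand
            if not belongs(sender, domains):
                found.append("sender-domain-mismatch")
            if any(not belongs(h, domains) for h in links.hosts):
                found.append("link-domain-mismatch")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        found.append("generic-greeting")
    return found
```

Matching on the exact domain or a true subdomain matters: a host that merely starts with the brand's domain is still reported as a mismatch.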

The signs of a phishing email are harder to see in this example, but they are present:

  • Poor grammar: “If you’ve already review…”
  • Hovering over the “View your fax” link would reveal a site not related to Microsoft.
  • Questions to ask:
      • When was the last time you received a “fax / E1 Document” from Microsoft? The answer is likely never, since this is a phishing email.
      • Do you recognize the sender of the email? If so, contact them via separate email or phone call to verify the legitimacy of the email in question.

Phishing email that appears to come from the company’s IT department but is from an unrecognized domain. Clicking on the cleverly devised option to “Keep Same Password” would likely result in downloading malware.

Spoof email in which the sender appears to be legitimate, but the generic Gmail address and the poor grammar reveal this is a phishing attempt.

Spoof email with a legitimate user’s name, but from an unrecognized domain (@st0rrk.com). The hacker is attempting to have payroll directed to their bank account.

This is a fake alert from a web browser that uses a sense of urgency to bait users into providing their credentials (username/password) to a hacker.

Employees are your first line of defense against a cyber attack, but many times employees don't realize the role they play in avoiding ransomware attacks. It's important for them to know their responsibility and how they help keep the company safe. If you want to learn more about building a safe culture, join us on March 31st at 11 am EST to hear from leaders in protecting against cyber attacks. Here is a link to register.

Written By: Matt Benson