One of the biggest threats any organization today will face is a phishing attack. According to Retruster, phishing accounts for 90% of data breaches, and around 1.5 million new phishing sites are created each month. With today’s resources, hackers can put together extremely sophisticated plans, leaving even the most diligent employees and companies at high risk.
Why do so many become victims of a phishing scam? In some cases, workers are not thoroughly trained on how to decipher a phishing email. In other cases, workers may be too confident that they will never be a target for an attack. The truth is, everyone is a target for a cyber hacker, but don’t let it overwhelm you. There is one thing that all organizations can do right now to decrease the risk of a breach affecting not only your business, but all companies involved: Learn how to tell if an email is safe.
It sounds simple, but many companies haven’t actually sat down with their employees to teach them the ins and outs of picking apart a phishing email.
Below are 5 ways that your workers can immediately recognize a suspicious email, and in turn, save your company from what could turn into a costly consequence.
1) Check the grammar. Take into consideration the fact that an important email would likely be written concisely, and spell-checked! Oftentimes, scam emails will even spell your own name wrong, which is one mistake a business would try hard not to make. Analyze the tone of the email. Does the language make sense? If peculiar words are used, or absurd text sizes and fonts, consider it ‘phishy’.
2) There is an unexpected attachment. Does the email excessively prompt you to open an attachment? You could be a single click away from getting hacked without even realizing it. If you’re torn because the email appears to come from someone you know, contact the supposed sender via phone call.
3) Forceful sense of urgency. If the email comes on strong with warnings about what will happen if you don’t follow up, something may be up. This is especially common around tax season; companies will be threatened by the ‘consequence’ of a massive fine being due if they do not comply. Remember, hackers are smart with their timing. They study hard and try to line up their bribes with your company’s personal mission.
4) Hover over links. When you’re prompted to click on a link, hover over it. A small window will pop up and show you where the link leads to. If this link does not match up with what you are expecting, just don’t click it. If you do happen to click on a link and it redirects you elsewhere, exit out and leave it be. Make sure to also examine the email address of the sender.
5) Sender asks for personal info. While it may seem obvious, these types of phishing attacks can be surprisingly convincing. A hacker will ask you to simply confirm your information, or disguise themselves as your bank, and it can be tempting to respond if it feels like you are at great risk. The irony lies in the fact that you will only face a risk if you respond to an email requesting such personal information.
In 2019, companies faced phishing attacks left and right. While more users became aware of scams, hackers became aware of vulnerabilities. 2020 is the time to stay highly diligent and protect your business. Go with your gut, and if you’re even the slightest bit suspicious, do not respond to the email. If it truly came from a trusted peer, the sender will almost always contact you again if it’s urgent, and remember, you can always reach out to them (in a way other than responding to the email) if you’re unsure. There is no harm in being safe, and spreading the word about phishing scams to fellow organizations.
Still feeling unsure about cybersecurity risks in 2020?
We understand, and we’re here to help alleviate some of the stress that comes with trying to prepare your organization for these inevitable threats and challenges. That’s why Prestige IT is offering a phishing simulation (a $1,500 value) for free. In this simulation, we will spend time assessing your business so that you can understand at what levels your organization is a target, and receive a report including recommendations.