Gone Phishing: Educate Your Employees Before It’s Too Late
Employees are your first line of defense and your biggest weakness when it comes to cyber crime, which is why it's crucial that they are aware of the techniques used to phish them. Phishing tactics are evolving along with technology; however, several approaches have been consistent over the years.
The following 6 techniques are very common among phishing emails, and every member of your organization should be able to spot them.
Subject lines are your initial point of contact with any email that you receive, and cyber criminals make the most of this fact. Phishing emails commonly feature enticing or aggressive subject lines as a way to hook potential victims. If the subject line can create a sense of urgency or appeal, then it is much more likely that the email will be opened without much critical thinking.
Some commonly used subject lines for phishing emails include phrases like “security alert”, “change of password”, “delivery attempt”, and “urgent”. These subject lines catch recipients off guard and increase the chances that they will open the email, creating vulnerability.
It is common to see an impersonal greeting at the top of a phishing email, which should be taken as a red flag. These greetings are typically very generic as opposed to using your actual name. Although it is possible for your name to show up in a phishing email, you should be wary of any email that seems generic, using a greeting such as “Dear valued customer”.
Grammatical, styling, and formatting errors are frequently a feature of phishing emails. There are a couple of reasons for this. First, it is common that these emails are written by individuals who aren’t native English speakers or professional copywriters. Second, there are benefits to spelling and grammar issues, as they allow emails to pass through spam filters undetected. The upside here is that a poorly written email claiming to come from an official source is a warning sign: it might very well be a phishing attempt.
The link destination can be a huge red flag when trying to spot nefarious emails. If the link destination doesn’t originate from the official domain of the organization it is claiming to come from, it is likely spam. Always pay close attention to the link destination as it can be leading you to a dangerous digital location.
Demand of Action
If an email is demanding immediate action, there is a good chance that it is spam. Most organizations don’t try to scare you into making quick, uninformed decisions. This is why you should be wary of an email that attempts to lure you into taking an immediate action. The sender is likely attempting to get you to do something without properly considering the potential outcome.
Images & Logos
An image or logo can make an uninformed individual feel comfortable, as they might recognize the imagery. Just because an email features images or logos that seem to be legitimate doesn’t mean that they actually are legitimate. Logos are extremely easy to incorporate into an email, which makes their appropriation a common tactic among cyber criminals. Don’t let a logo make you feel safe, and make sure you confirm the legitimacy of an email before allowing an image to influence your behavior.
If you're looking for additional solutions, check out our cyber crime lunch and learn where we give you real world tactics to mitigate the risk of cyber crime!