Cyber-attacks are increasing and affect businesses of all sizes. Our goal is to protect businesses against these attacks, which can be difficult if employees are not properly trained to identify potential threats. I’ve spoken previously about Security Awareness Training in some depth, but you can use this ‘at a glance’ list of seven red flags to look out for:
1. “From” Line
The first thing to pay attention to is the address you are receiving the email from. Look closely at the sender, because the person may appear to be someone you know, but it could be a spoof. A quick example of this could be:
There is a double ‘l’ in the spoofed email instead of an ‘i’, so at a quick glance it appears legitimate, but the domain is not correct.
2. “To” Line
If there are lots of names in the ‘To’ line, or your email address is ‘cc’d’ on an email you are not expecting, that should be a red flag.
3. Hyperlinks
This is, to some extent, an easier one to spot. Most of us are cautious of clicking on an embedded link within an email unless we are sure it is from a trusted source. To be sure, before you click on a link, hover over it with your mouse to see the destination URL. If the URL has no relevance to what the email says, don’t click on the hyperlink. If you still think the email was from a trusted source, call the person who sent the email to be sure it actually came from them.
4. Time
You come into work, and the first thing most of us have to do is check our emails. If your inbox is like mine, there are quite a few, but before opening or clicking on an email, look at the time you received it. Is this a normal time to receive an email from this person or company? If not, this is an indication of a potentially spoofed email.
Phishing attempts typically increase around public holidays, or at the end of a tax year, when financial information is being shared or online shopping sees a surge.
5. Attachments
As a rule of thumb, do not open attachments that you are not expecting. Ask yourself, does this sender usually send you attachments? Another red flag is if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls.
6. Subject Line
If the subject line seems suspicious, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant to the email content, which can be another red flag.
7. Content
Hackers want to instil fear to prompt an action from you, such as a claim that your Google email account has been compromised and you need to change a password or update some information. Also, if the grammar or spelling is incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.
Never click on links, download files, or transfer money unless you are sure the email is legitimate.
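As an added illustration (not part of the original article), the ‘From’, ‘To’, hyperlink, attachment and subject red flags above can be written as a small Python check over a parsed message. The trusted domain, the recipient threshold, the host names and the sample email are all assumptions constructed for this example.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr
from pathlib import PurePosixPath
from urllib.parse import urlsplit

TRUSTED = {"acme-supplies.example"}  # assumption: domains you normally deal with
RISKY_EXT = {".exe"}                 # the article's example of a strange file type
URGENT = re.compile(r"wire transfer|change password", re.I)  # the article's sample subjects
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)

def skeleton(domain):
    """Fold i, 1 and l together so 'supplles' and 'supplies' compare equal."""
    return domain.lower().translate(str.maketrans("i1", "ll"))

def red_flags(msg, max_recipients=10):  # threshold is an assumption
    flags = []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if sender not in TRUSTED and skeleton(sender) in {skeleton(d) for d in TRUSTED}:
        flags.append("from: lookalike of trusted domain")
    if len(getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))) > max_recipients:
        flags.append("to: unusually many recipients")
    if URGENT.search(msg["Subject"] or ""):
        flags.append("subject: urgent money or password request")
    body = msg.get_body(preferencelist=("html",))
    for href, text in LINK.findall(body.get_content() if body else ""):
        shown = HOST.search(text)  # host name displayed to the reader, if any
        target = (urlsplit(href).hostname or "").lower()  # where the link really goes
        if shown and shown.group().lower().removeprefix("www.") != target.removeprefix("www."):
            flags.append(f"link: text shows {shown.group()} but goes to {target}")
    for part in msg.iter_attachments():
        ext = PurePosixPath(part.get_filename() or "").suffixes
        if ext and (ext[-1].lower() in RISKY_EXT or ext[-2:-1] == ext[-1:]):
            flags.append(f"attachment: suspicious name {part.get_filename()}")
    return flags

def constructed_sample():  # constructed message; every address and host is made up
    m = EmailMessage()
    m["From"] = "Accounts <accounts@acme-supplles.example>"
    m["To"] = "you@yourfirm.example"
    m["Subject"] = "Need wire transfer now"
    m.set_content('<a href="http://billing.unrelated-host.example/pay">'
                  "www.acme-supplies.example</a>", subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream",
                     filename="invoice.xls.xls")
    return m

if __name__ == "__main__":
    print("\n".join(red_flags(constructed_sample())))
```

A check like this only surfaces candidates for a person to verify; a message that raises no flags is not thereby proven legitimate.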
If you haven’t before, you must take email hacking seriously. Having proper spam filters and firewalls installed is vital, but lack of employee education is what makes it difficult to properly secure an environment.
Speak to us about our Security Awareness Training to help you keep your employees alert and vigilant at all times. 0845 094 0010.