How to Spot a Phishing Email (With Examples)
What is Phishing?
Phishing is a cybercrime in which criminals attempt to obtain personal information (passwords, social security numbers, company secrets) or money by posing as a legitimate company or person in order to appear trustworthy.
Spotting a Phishing Email
1. The email asks for personal information
A legitimate company will not ask for your password, social security number, or any other sensitive information via email.
2. The email addresses you as “Customer,” “Dear,” “Account Holder,” etc.
A real company or person will address the recipient by name, not as “customer.” A generic greeting is a simple tell, but it is not a reliable one: a spear phishing email (a more targeted attack) may include personal details about the recipient, such as their name and company.
3. The email does not come from a legitimate domain email
The email shown below purports to come from an internal employee, but the sender address is a Gmail address.
Another example is trickier to spot: the scammer uses an address that resembles PayPal’s domain (intl.paypal.com) but is not PayPal’s. When in doubt, you can always search the email address on Google to determine whether it belongs to a legitimate source.
4. The email provides a link that does not reflect the company’s website
If you hover over a link, it will show you where it leads. If it points anywhere other than the site you were expecting, beware and do not click it!
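Points 2, 3 and 4 above can be checked mechanically before a person ever reads the message. The following script is an added example written for this page; it is not code from the original article or from KnowBe4. It parses a raw email, compares the sender's domain against a list of trusted domains (the TRUSTED_DOMAINS set is an assumed configuration value), looks for a generic greeting, and checks every HTML link to see whether the visible link text and the real href lead to the same domain. Both sample messages are constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed configuration for this example: domains the organisation accepts
# mail from.  A real deployment would load this from configuration.
TRUSTED_DOMAINS = {"example.com", "paypal.com"}

# Generic salutations from point 2 above.
GENERIC_GREETINGS = ("dear customer", "dear account holder", "dear user")


def registrable_domain(host):
    """Return the last two labels of a host name.

    Naive on purpose: a production checker should consult the Public Suffix
    List so that names like 'bank.co.uk' are handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url):
    """Host part of a URL; link text without a scheme ('portal.example.com') is tolerated."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in a raw email message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Point 3: does the sender's address belong to a domain we trust?
    display_name, address = parseaddr(str(msg.get("From", "")))
    sender_dom = registrable_domain(address.rpartition("@")[2])
    if sender_dom not in TRUSTED_DOMAINS:
        findings.append(f"sender domain '{sender_dom}' is not a trusted domain")
    # A trusted brand in the display name with a different address is the
    # lookalike trick from point 3 (an 'intl.paypal.com' that is not PayPal).
    for brand in TRUSTED_DOMAINS:
        if brand.split(".")[0] in display_name.lower() and sender_dom != brand:
            findings.append(f"display name mentions '{brand}' but address is '{address}'")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # Point 2: generic greeting instead of the recipient's name.
    if any(greeting in text.lower() for greeting in GENERIC_GREETINGS):
        findings.append("generic greeting instead of recipient's name")

    # Point 4: does each link lead where its visible text says it does?
    if body and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(text)
        for href, visible in collector.links:
            target = registrable_domain(host_of(href))
            if "." in visible and registrable_domain(host_of(visible)) != target:
                findings.append(f"link text '{visible}' but target is '{href}'")
            elif target not in TRUSTED_DOMAINS:
                findings.append(f"link leads to untrusted domain '{target}'")
    return findings


# Constructed sample: a Gmail sender posing as internal IT, with a link whose
# visible text shows the company site while the href goes elsewhere.
PHISHING_SAMPLE = """From: "Example IT Helpdesk" <it.helpdesk@gmail.com>
To: alice@example.com
Subject: Urgent: verify your password
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your mailbox will be closed in 24 hours. Verify now at
<a href="http://example.com.login-verify.test/reset">https://www.example.com/reset</a>.</p>
</body></html>
"""

# Constructed sample: a legitimate internal message for comparison.
LEGITIMATE_SAMPLE = """From: "Example Payroll" <payroll@example.com>
To: alice@example.com
Subject: March payslip available
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi Alice,</p>
<p>Your payslip is ready: <a href="https://portal.example.com/payslips">portal.example.com</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(label, phishing_indicators(sample))
```

The domain comparison is deliberately simple: it treats the last two labels as the owner of the name, which is enough to catch `example.com.login-verify.test` masquerading as `example.com`, but a real mail filter should use the Public Suffix List and, for point 3, also check SPF/DKIM/DMARC results rather than trusting the visible From header alone.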
5. The email contains an unexpected attachment
The rule of thumb: if you were not expecting an attachment, or you do not know the sender, do not open it.
6. There are many spelling and grammar mistakes
Real companies know the language they are writing to the recipient in and take care to ensure their spelling and grammar are correct.
7. The offer is too good to be true
The most popular example of this is the Nigerian Prince scam. The scammer tries to get the recipient to send money in exchange for a large monetary reward once the supposed situation has been resolved.
8. The email incites panic
Many phishing emails will attempt to scare the recipient into falling for their trap. These emails will demand that some action be taken immediately or claim that a purchase has been made. The intent is for the recipient to react quickly and forget everything they have learned about spotting a phishing email.
What to do when you receive a phishing email
If you receive a phishing email, take note of the sender and let your IT department know so the sender can be blocked. Do not reply to the email; delete it after reporting it.
Testing your employees with KnowBe4
KnowBe4 offers security awareness training tools to help reduce the number of successful phishing attempts.
For more information, please contact our sales department at (631)476.6500