I was asked a question at a recent event about how to identify a ‘phishing’ email. Now, for some of us this might seem obvious, but never assume anything, particularly when you take a look at some of the statistics.
Here’s why this is so important. According to research by Verizon (Data Breach Investigations Report, 2018), 92% of malware (malicious software) is delivered by email. Someone in your company clicks on a link or opens an attachment and all manner of bad stuff can happen.
Couple that with a study by Duo in 2016, based on testing employees: about a third of the workforce will click on the link. Now that for me is a huge red flag, but one that I think can be resolved.
The scammers are throwing huge numbers of attacks at us, probably in the knowledge that a high percentage are going to get a reaction. Just working the numbers alone, if we can reduce the effectiveness of this type of attack by being alert and watchful then we can start preventing the devastating effects of cyber crime. It seems to me that education and awareness are key, and if we can get that bit sorted then we can see a reduction in the apparent success of this type of criminality.
Things to look out for.
Words common in the title are as follows: Payment, Urgent, Request, Attention, Important, Confidential and Immediate response.
Spelling and grammar are likely to be poor.
Images and titles may be wrong.
There will be a suggestion that you need to do something right away (or else).
What you can do.
Take the time to review the email, don’t be rushed, and look at the sender’s email address, AND look carefully. Email aliases are often used, and ‘hovering’ over the email address itself will reveal the original (this depends on the mail program).
Still not sure? Don’t click, don’t open. Someone is sure to call if it is genuine.
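The two checks above that lend themselves to automation are the title words and the real address behind an alias. The script below is an added example, not part of the original post; the function name `review_message` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Title words listed in the post as common in phishing emails.
SUBJECT_WORDS = ("payment", "urgent", "request", "attention", "important",
                 "confidential", "immediate response")
# An email address appearing inside the display name (the 'alias').
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def review_message(raw):
    """Return (real_sender_address, findings) for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).lower()
    hits = [w for w in SUBJECT_WORDS
            if re.search(rf"\b{re.escape(w)}\b", subject)]
    if hits:
        findings.append("subject contains: " + ", ".join(hits))
    from_hdr = msg["From"]
    if not from_hdr or not from_hdr.addresses:
        return None, findings + ["no parsable From address"]
    sender = from_hdr.addresses[0]
    real = sender.addr_spec.lower()
    # What 'hovering' reveals: the alias shows one address, the mail
    # actually came from another.
    shown = ADDR_IN_NAME.search(sender.display_name)
    if shown and shown.group(0).lower() != real:
        findings.append(f"alias shows {shown.group(0)} but mail came from {real}")
    return real, findings

# Constructed sample messages (not real mail).
SAMPLE_SUSPECT = (
    'From: "accounts@yourbank.example" <billing@mail-update.example>\n'
    "Subject: URGENT: payment request\n\nPlease act right away.\n"
)
SAMPLE_PLAIN = (
    "From: Jo Smith <jo.smith@supplier.example>\n"
    "Subject: Minutes from Tuesday\n\nAttached as promised.\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_PLAIN):
        address, notes = review_message(sample)
        print(address, notes or "nothing flagged")
```

A message with no findings is not proven genuine; the script only surfaces the signs a reader would otherwise have to spot by eye.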
We can help with training your staff and we also offer Cyber Risk Analysis. Please feel free to take a look on our website.