How to Catch a Phishing Email

Danielle Cerny / Wednesday, October 13, 2021

Phishing was the most common type of cybercrime in 2020 according to the FBI. Cyber criminals took advantage of our state of unrest and found ways to profit from our heightened dependence on technology. With $4.1 billion in profits, internet crime is a lucrative business to be in.

As cyber criminals get more savvy in the art of deception, these emails are getting harder to recognize. They are no longer desperate requests for money or a plea from an offshore prince. They are simple messages with a simple objective – to get you to click or respond.

Email is a key that cyber criminals can use to compromise your or your employer’s sensitive data - and bank account. It’s time for us to treat it as such by analyzing every email received to catch phishing attempts. After practice, it will become second nature. Here are a few tips to follow in order to take back our inboxes:

CHECK WHO IT’S FROM. Be wary of an email if:
- It’s new to the inbox party – not someone you normally communicate with
- It’s not related to your normal job responsibilities
- The from address is the name of someone in your organization but something looks off, such as the format or the domain (@Sharp.support.com vs. @Sharp-support.com)

CHECK THE “TO” FIELD. Suspect an email that:
- You were cc’d on and you don’t know the other folks it was sent to
- Has you as part of a group that you’ve never seen before or doesn’t apply to your job
  - I.e., you are in sales but the group name in the To field is “HR-Benefits” or “Sharp-Finance”
- Is sent to a random assortment of people at your company, for instance a group that has last names that start with the same letter

CHECK THE DATE FIELD. If Bob sent you an email at 4:00 am, and you know he’s not a morning person, it could be a phishing email.

CHECK THE SUBJECT LINE. Subject line indicators of a phishing email would be:
- It sounds strange or doesn’t match what you’d usually read from this person
- It does not match the message content
- It’s a RE: to an email that you never sent or requested
- It’s something unrelated to your job function

EXAMINE THE MESSAGE BEFORE CLICKING. The email is probably spam if:
- The sender is asking you to click a link or open an attachment to find out more information
- The email body has terrible grammar and spelling errors
- The email body contains almost no information, and they are trying to bait you to respond
- The sender is asking you for sensitive personal information that you were not expecting

INSPECT THE HYPERLINKS. The email is most likely phishing if:
- You hover your mouse over the link in the email and it shows a different website
- The body of the email is mostly or only a hyperlink
- The hyperlink is a misspelling of a well-known website like www.bankofamerican.com instead of www.bankofamerica.com

INSPECT ATTACHMENTS BEFORE OPENING. After examining the above aspects of the email, think about the attachment.
- If you weren’t expecting the attachment or it doesn’t make sense, do not open it
- If it’s a weird filetype, do not open it

In Q3 2020, the most common types of malicious files attached to phishing emails were 1. Windows executables (.exe), 2. Script files (.wsf), 3. Office documents (.docx/.xlsx/.pptx), 4. Compressed archives (.ZIP, etc), followed by PDF documents (.pdf) and Java files (.java).

In 2020, 74% of organizations in the United States experienced a phishing attack. This is 30% higher than the global average, and 14% higher than 2019. While we can’t stop hackers from using this method to gain access to our systems, we can make sure that we are well informed and practiced in the art of catching a phishing email. Always be on alert, especially if you receive an email that you are not expecting.
Never reply to suspect emails; instead, report them to your IT department if the email shows even one of the above warning signs.

Download a printable sheet of these red flags for your desk as a reminder.