Where IT and Security Professionals come together to make the world a more resilient place.
Mimecast provides anti phishing software as part of a comprehensive, SaaS-based service for email security, archiving, continuity and compliance.
For employees, knowing how to spot phishing attacks can help to protect against being duped by hackers. It can also help to defend their company from substantial loss of revenue, legal fees, regulatory fines and loss of business.
Understanding how to spot phishing attempts starts with understanding what phishing is. A phishing attack is a scam that uses email to trick recipients into clicking on a link, opening attachment or otherwise taking action that produces harmful results. These emails appear to come from a source the user normally trusts – a bank or credit card company, or a shipping company for example. The email may ask users to do something simple like change the password on their account, or provide personal credentials in order to get access to information.
What is spear phishing? Spear-phishing is similar to a phishing mail attack but targets a specific individual with information learned about them from their web presence. Spear-phishing email may appear to come from a friend or a trusted business colleague. In the case of CEO fraud phishing, the email sender may seem to be a chief executive or chief financial officer, asking the user to transfer money or to share privileged information.
Successful phishing and spear-phishing attacks can cost a company millions of dollars, destroy business reputations, undermine customer trust and result in legal action and regulatory fines. Clearly, knowing how to spot phishing attacks can help to prevent these devastating consequences.
Here are a few phishing tips that can help users understand how to spot phishing techniques.
1. Look for inconsistencies in links, addresses and domains. Phishing emails often have email addresses that are different than the name on the email account. They may also use domain names that appear to be slightly off in some way. Users can hover on a link to check the address before clicking – oftentimes, links will lead to sites that have nothing to do with the purported sender's domain.
2. Watch out for bad spelling and grammar an unfamiliar language. Phishing attacks often originate in other countries – watching out for unfamiliar language or inaccurate spelling can help to identify phishing emails.
3. Be suspicious of demands for urgent action. Phishing attacks often demand an urgent response and may even threaten recipients with negative consequences unless they respond immediately.
4. Be wary of attachments. Be completely sure of a sender's identity before opening any attachment, even from one that appears to be from a trusted source.
Even with intensive training on how to spot phishing attacks, in the fast pace of the business day, many employees will inadvertently click on a link, open an attachment or share sensitive information in an email reply. That's why, in addition to providing training on how to spot phishing attacks, it's important to have automated anti phishing solutions that protect employees from these dangerous threats.
Mimecast provides anti phishing software as part of a comprehensive, SaaS-based service for email security, archiving, continuity and compliance. Mimecast's technology automatically blocks malicious URLs and suspicious attachments, and identifies anomalies in email content, headers and domains that may signal a phishing or spear-phishing attempt.
Mimecast solutions are easy-to-use and can be quickly implemented – as a cloud-based solution, there is no hardware or software to purchase and no capital investment to make.
Learn more about how to spot phishing attacks and about Mimecast's anti-phishing technology.
