As phishing and spear-phishing attacks continue to successfully breach security in companies worldwide, IT teams everywhere are eager to share phishing tips with employees that can help to prevent them from being duped by attackers.
Phishing is a common email-borne attack where the sender appears to be from a trusted source that the recipient often interacts with – a bank, a credit card company, a delivery firm or the IRS are common examples. The email may ask the employee to reply with sensitive data, or direct them to login to a website to gain access to information, to reset their password or to avoid a negative consequence of some kind.
What is spear phishing? Spear-phishing is a more targeted form of a phishing attack where hackers research the recipient online and craft an email that is personalized and appears to come from a friend or a trusted colleague. CEO fraud phishing is an even more targeted spear-phishing campaign, where hackers who are impersonating a chief executive officer or chief financial officer dupe employees into sharing sensitive business data or transferring money to fraudulent accounts.
Phishing tips that educate users about these threats and teach them how to spot phishing techniques can be helpful in preventing a good many attacks. But a word of caution: phishing tips alone may not be able to stop every mail attack, every time.
Many attacks can be identified by adhering to these phishing tips.
1. Always double check before sharing sensitive information or transferring money. Phishing email will often have an email address or domain name that is slightly different than the purported sender's real address. Double checking with a sender using an email address you know to be legitimate can help prevent a world of trouble.
2. Be suspicious of poor grammar and spelling. Many phishing campaigns originate in countries where English is not the first language. Consequently, phishing emails often contain irregularities in grammar or spelling.
3. Don't click on links or open attachments unless you are sure they're legitimate. This is one of the most important phishing tips. Users can hover over a link to see the address it directs to – in a phishing email, the address will often have nothing to do with the purported sender's domain. And before opening attachments, triple check to make sure the email is from a real source.
Phishing tips alone can't protect an organization from phishing and spear-phishing attacks 100% of the time. That's why Mimecast offers anti phishing technology in a cloud-based subscription service that is part of a comprehensive solution for email security, archiving, continuity and compliance.
Mimecast's anti phishing software scans all inbound email in real-time to look for anomalies in headers, for domain similarity and for suspect content in the body of an email. Mimecast also inspects character sets in the email domain name to look for differences that users may not be able to spot. Suspect emails can be discarded, quarantined or sent onto the user with a warning that the male may be suspicious.
Learn more about phishing tips and about Mimecast anti-phishing solutions.