Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. According to PhishMe research, “91% of the time, phishing emails are behind successful cyber attacks.”
The overwhelming majority of security breaches caused by phishing are completely avoidable. While cybercriminals have grown more sophisticated in their approach, the average attack consists of the same key ingredients: an undereducated employee, effective bait and a temporary lapse in judgment. While we are in the business of securing an organization’s entire network and protecting them from any threats whatsoever, there are some initial steps that will safeguard a company without costing much time, energy or capital expenditure. These measures we’d like to share are extremely easy to implement and are excellent first steps in protecting a company from cybercrime.
The “From” Field
The first sign to look for is the sender’s name in the “From” field of the email. Cybercriminals often use misspelled email addresses, such as JohnnyStealyastuff@gmaail.com, for example, in order to deceive the receiver into thinking that the email is coming from a reputable company. At a quick glance, many recipients won’t recognize the typo in the address field and they’ll open the email which opens them up to the bait.
Hover Your Mouse Over Link
The next step for employees is to hover their mouse over links, instead of clicking them without thinking about it. Lots of hackers use very long links or they hope that the recipient will just click on the link right away instead of previewing the destination by hovering above and making sure that the domains match where they expect to be directed. If the preview link looks suspicious, that’s probably because it isn’t a legitimate offer. We recommend deleting these types of emails.
Look in the Footer
The final step for employees is to look in the footer. One of the current laws around email marketing requires senders to leave a physical address within the footer of the email. This is often left-out by cybercriminals and is a very easy way to tell if the email is a phishing attempt. Furthermore, there should also be an “Unsubscribe” button at the bottom of the email, which is another step that most hackers ignore.
By simply addressing these three initial steps, SMBs can avoid the vast majority of cyber attacks coming at their business. They are some of the simplest, yet most effective ways of minimizing risk within an organization. If all organizations were even this educated about cyber attacks, we would see a dramatic drop in incidents. Contact us or give us a call to find the right solution for your business.