A phishing attack is a fake email designed by cybercriminals to look like it is coming from a legitimate brand or company with the goal to get the user to click a link, download an attachment, or enter their credentials. The reality is that all phishing attacks rely on human interaction and trust. Read through 4 ways you can avoid falling victim to a phishing attack.
1. Verify
If you receive a message that seems abnormal, always double-check with the sender on the phone, or message them to verify their request.
For example, an email that comes from corporate IT and tells you to download new software; it appears real and is on topic. But would that really be the process your IT department would follow?
2. Slow Down
We all receive so many emails that we have become accustomed to skimming messages and making quick decisions. Always be sure to take a moment and think about the email you received. There may be clues hidden beneath the surface of the message that are red flags.
3. Scare Tactics
Many phishing campaigns are based on scare tactics that spark an emotional response. If anyone presses you to take immediate action, proceed with extreme caution. Criminals use scare tactics in order to prevent you from thinking and acting slowly.
Watch for: bank account suspensions, past due invoices, tax refunds, and winning the lottery.
4. Requests for Credentials
Any email that comes to you and requests your credentials, unless you have requested this action from your own account, never ever enter them.
Requests for username and passwords via email are by far the most common attempt to capture your credentials. If an attacker has access to an account with administrative privileges, then they're able to spread laterally throughout the network encrypting confidential data and accessing systems.
If you do enter your credentials, notify your IT department or provider immediately so that the password may be changed.
What does a Phishing Email look like?
Below you'll see a phishing message that appears to be from the receivers PayPal account.
Note the red flags: the domain is incorrect, the grammar is poor, and they are using a scare tactic to get the user to click on the link.
When in doubt, delete it. If request is legitimate, the sender will contact you again and through a different medium.
Free Takeaways: Phishing resources to share with your users
Turn Your Weakest Link into your Strongest Defense
With a staggering 1 in every 100 emails identified as a hacking attempt, it is essential to educate all users about the security threats they face and what they can do to keep confidential information safe.
iV4's Security Awareness Training Content Bundle provides over 10 pieces of content covering a variety of security topics in a language that end-users can understand.
