Phishing
Beware of Unexpected Emails
Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails.
Check Email Sender
The from address is different from the display name. The display name can be anything the sender wants to write and is not evaluated as part of the email authentication protocols, while the from address is what is typically evaluated for email authentication.
Make sure there are no “typos” or misspellings in the from address domain. If the company name is misspelled in the from address, that’s not a typo: it’s probably a phishing email.
Verify Hyperlinks
All phishing emails include a payload that could be either an infected attachment or a link to a fake website. These payloads are designed to collect sensitive information such as login passwords, credit card data, phone numbers and account numbers.
Most phishing emails contain URLs that lead to a page where one must input financial or personal information or ask for a login and password. To avoid falling for such scams, one must learn to verify where links lead before clicking.
Check That You Are the Recipient
If users take the bait and click the link, they're sent to an imitation of a legitimate website. From here, they're asked to log in with their username and password credentials. If they are gullible enough to comply, the sign-on information goes to the attacker, who uses it to steal identities, pilfer bank accounts, and sell personal information on the black market.
Legitimate companies don't use generic greetings!
Check Suspicious Attachments
Some malicious files come in file formats such as .zip, .exe and .xlsx.
Web browsers include settings to restrict access to dangerous websites using alert messages. Ignoring these warnings could be extremely dangerous because a phishing attack may arrive as an attached file. Check if these files are expected or if the source is trustworthy.
Always keep an eye out for anything odd in the attachment.
Grammatical Errors
One of the best ways to detect phishing attacks is to check for poor spelling and grammar in the email content. The goal of phishing is to appear genuine enough that individuals would click on the link and provide account information. A genuine organization email should be nicely worded.
Although no particular word is misspelled, the statement might contain several grammatical mistakes that a normal speaker usually would not commit.
Still Use Logic
Even when the contents look fine and the grammar is correct, the email may still not be legitimate.
Attackers can mix fake links with real links in spoof emails, such as the legitimate privacy and terms of service for the site being impersonated or an unsubscribe link that may appear secure. URLs can be sneaky, so hover the mouse over the link to discover the actual URL.
Contact us to discover more!
PSYND supports customers with personalized awareness training and phishing campaigns that can be held both on-site and remotely.
Whether your goal is to achieve compliance or to increase your cybersecurity awareness, we are here to help. Contact us today!