Phishing comes up in news briefs, on social media and in government board meetings. It’s a hot topic, often talked about because of its relevance. It’s relevant, but it’s not a new story. Phishing campaigns have circulated on the web for many years. Large businesses like Netflix, Google and Dropbox have fallen victim to their strategic maneuvers.
What is phishing?
The United States Computer Emergency Readiness Team identifies phishing as a form of social engineering that uses malicious emails to obtain personal information from an individual or company by posing as a trustworthy organization. These campaigns are often run through email, but they also encompass voice messaging and social media. You can take Britney Spears’ Instagram malware comment link as a recent example.
Wombat Security’s 2016 State of the Phish report commented that:
“85 percent of organizations have suffered phishing attacks.”
As you see here, the story of phishing campaigns is too common. Yes, too common. As phishing becomes more popular, we should seek ways to eliminate this threat before it attacks our valuable assets.
According to Verizon, the vast majority of data breaches begin with a targeted phishing campaign against a business. With this said, it’s more important than ever to be able to recognize a phishing campaign when it arrives in your inbox. Straight from Intel, we learn that 97% of people around the world cannot identify a sophisticated phishing email. What! If phishing emails are as important as these statistics suggest, then managers, employees and everyday consumers need to learn how to identify a phishing campaign on the spot. We have you covered with these 6 ways to identify a phishing campaign.
Emails with generic greetings.
An email shows up in your inbox indicating that it’s from your private bank. It’s unusual, because your bank doesn’t often send out random emails. Businesses are pretty serious about their marketing efforts. If an email appears that seems very generic, it’s most likely a phishing campaign. It’s uncommon for a professional business to send out emails that are very generic.
Emails with poor spelling and grammar.
This red flag goes hand in hand with the generic greetings already mentioned. Messages from professional businesses are thoroughly checked for spelling and grammar. So, if a message arrives that has simple words misspelled, you can bet that it came from a malicious source.
Emails requesting personal information.
The email might display a fancy header and formal writing, but it is still a bad sign when the email asks for specific personal information. Businesses don’t ask customers to send important contact and banking information to them through email. This is just unheard of. If it happens to you, it’s safe to say it might be a phishing campaign.
Emails requesting an urgent response.
You just won the lottery, and you have less than 24 hours to collect the money. First, did you enter the contest? Second, why is it so urgent? Malicious criminals like to instill anxiety, fear and urgency to push you into irrational and impulsive reactions. If the email is requesting an urgent response, it’s likely that it’s coming from a bad source.
Emails that sound too good to be true.
Like we learn in life, if it sounds too good to be true, it most likely is. You just won the lottery without entering. That seems like a wonderful and rare occurrence. Keep this in mind: If it seems too good to be true, it most likely is.
Emails with spoofed links.
Spoofed links are one of the best ways to determine if an email is phishing. Take your mouse and hover it over the top of the URL. This will show you the actual hyperlinked address. Once you see the link, look to see if it contains a child domain name. This is when the domain shows a double name: a familiar domain appears as a child (subdomain) label in front of a different domain. This is often used with large businesses like Google. For example, it can read like this: whatever.google.com.maliciousdomain.com. Here the link actually leads to maliciousdomain.com, and google.com is only a label placed in front of it. If you look hard enough you’ll see this difference.
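The hover check described above can be automated for HTML mail. This is an added example, not part of the original article: it flags links where a trusted domain appears only as a child label, and links whose visible text names a different host than the real target. The `TRUSTED` list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("google.com", "dropbox.com", "netflix.com")  # assumption: brands to watch

def host_of(text):
    """Lowercase hostname of a URL or bare domain; '' if it cannot be parsed."""
    text = text.strip() if "://" in text else "//" + text.strip()
    try:
        return (urlsplit(text).hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. a malformed bracketed host in a hostile href
        return ""

def embedded_brand(host):
    """Trusted domain present in host only as a decoy child label, else None."""
    decoys = (d for d in TRUSTED if f".{d}." in f".{host}."
              and not (host == d or host.endswith("." + d)))
    return next(decoys, None)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.cur_text.append(data)  # reset at each <a>, read only at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def audit(html):
    """Return (href, reason) for each link that matches a spoofed-link pattern."""
    parser, found = Links(), []
    parser.feed(html)
    for href, text in parser.links:
        host = host_of(href)
        if brand := embedded_brand(host):
            found.append((href, f"{brand} is only a child label of {host}"))
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            found.append((href, f"text shows {shown}, link goes to {host}"))
    return found

# Constructed sample body, not from a real message.
SAMPLE = ('<a href="http://whatever.google.com.maliciousdomain.com/login">accounts.google.com</a>'
          '<a href="https://mail.google.com/">mail.google.com</a>')
```

Calling `audit(SAMPLE)` reports the first link twice, once for each pattern, and leaves the genuine mail.google.com link alone.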
It’s very important to train employees on how to recognize malicious emails as they arrive in their inbox. As the threat builds and criminals become strategic, having an effective information technology security plan and consistent phishing training can mean life or death for your data.