Email Phishing Awareness

A reminder about best practices if you receive a suspicious email:

  1. Never click links from an unknown sender or in a suspicious-looking email.
  2. Never enter your password or private, sensitive or confidential information in a pop-up window or website without first validating the authenticity of the URL.
  3. Check for “HTTPS” in the URL of any website where you enter private information. The “S” denotes secure data transport: the connection is encrypted, which does not by itself prove that the site is legitimate.
  4. Many emails can be spoofed to appear to come from a trusted source. Check the sender's email address to determine whether it is a legitimate source.
  5. If you are unsure, you can start a new email directly to the sender to inquire if the email was sent by them.

Examples of types of phishing emails:

  1. Emails Insisting on Urgent Action
    Emails insisting on urgent action do so to fluster or distract the target. Usually this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to review the email for inconsistencies or indications that it may be phoney.
  2. Emails Containing Spelling Mistakes
    Emails alleging to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.
  3. Emails with an Unfamiliar Greeting
    Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by friends and work colleagues, likely originate from an attacker and should not be actioned or replied to.
  4. Inconsistencies in Email Addresses
    Check the sender email address against previous emails received from the same person rather than trust the sender name. You may have to hover over the sender to see the full email address to verify its authenticity.
  5. Inconsistencies in Links and Domain Names
    Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to hover a mouse pointer over a link in an email to see what “pops up” as an address. If an email claims to be from (say) a business contact, but the pop-up indicates an unfamiliar website, the email is likely a phishing email.
  6. Be Wary of Suspicious Attachments
    File sharing in the workplace now mostly takes place via collaboration tools such as OneDrive or SharePoint. Therefore, emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
  7. Emails That Seem Too Good to Be True
    Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so.
  8. Emails Requesting Login Credentials, Payment Information or Other Sensitive Information
    Emails requesting login credentials, payment information or other sensitive information should always be treated with caution.

Details

Article ID: 1005
Created: Mon 2/8/21 3:47 PM