While the increased use of teleworking has created stress and additional headaches for employees, it’s generated nothing but opportunities for cyber criminals, specifically the “Online Scammers.” That is why the use of “phishing” has absolutely skyrocketed within the last 6 months.
As of 2019, 33% of all cyber breach incidents included the use of phishing scams. However, just about all of them could’ve been prevented with the right knowledge and mindset. You first want to focus on the preventive measure: some type of email filtering mechanism (which most email servers have automatically) to block the phishing emails from coming in. The one issue with cyber criminals, however, is that they are versatile and have quickly adapted to the spam filtering systems. In other words, phishing email designs have become so elaborate that an estimated 90% of them are found in secure email gateways (SEGs).
So next, you’ll need to use detective measures to separate the scam emails from the legitimate ones. Luckily, phishing emails (for the most part) have some universal traits:
● The email URL does not match one from the company domain and/or has some obscure character combinations
● There will often be a story or level of context involved:
○ “We’ve noticed some suspicious activity”
○ “There is a problem with your account”
○ “Your order has not been delivered”
● The email will contain a generic greeting:
○ “Dear user”
○ “Dear valued customer”
● The emails might include some attachments, fake invoices, or coupons
● The email will have some web link for the recipient to “make a payment” or “fix/update account information.” The link will likely have an odd combination of characters.
● The email signature may look basic or bland, especially if it appears to be from a well-known company
○ “The Netflix Account Team”
○ “Wells Fargo Customer Team”
● If it’s a well-known company, the logo may look slightly different from what you’re used to seeing
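The traits above can be turned into a first-pass triage check. The script below is an added example, not part of the original article: it parses a raw message and reports which checklist items it shows. The function names, the reading of "odd characters" as punycode or bare-IP link hosts, and the reserved `.test`/`.example` domains in the constructed sample are assumptions; the greeting and pretext phrases come from the bullets above.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

GREETINGS = ("dear user", "dear valued customer")  # generic greetings from the list
PRETEXTS = ("suspicious activity", "problem with your account", "has not been delivered")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def under(host, domain):
    """True if host is the expected domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_traits(raw_email, expected_domain):
    """Return which checklist traits a raw RFC 5322 message exhibits."""
    msg = message_from_string(raw_email)
    parts = list(msg.walk())
    text = " ".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain" and not p.get_filename()
    ).lower()
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(text)]
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    checks = {
        "sender_domain_mismatch": not under(sender_host, expected_domain),
        "pretext_story": any(p in text for p in PRETEXTS),
        "generic_greeting": any(g in text for g in GREETINGS),
        "attachment": any(p.get_filename() for p in parts),
        "link_domain_mismatch": any(not under(h, expected_domain) for h in hosts),
        # Assumption: "odd characters" is read here as punycode labels or bare IPs.
        "odd_link_host": any("xn--" in h or re.fullmatch(r"[\d.]+", h) for h in hosts),
    }
    return [name for name, hit in checks.items() if hit]

def constructed_sample():
    """Constructed phishing-style message using reserved .test/.example names."""
    m = EmailMessage()
    m["From"] = "Example Account Team <billing@example-com.accounts.test>"
    m["To"] = "alice@corp.example"
    m["Subject"] = "There is a problem with your account"
    m.set_content("Dear valued customer,\nWe've noticed some suspicious activity.\n"
                  "Fix it here: http://example.com.login.xn--80ak6aa92e.test/update\n")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="invoice.pdf")
    return m.as_string()

if __name__ == "__main__":
    print(phishing_traits(constructed_sample(), "example.com"))
```

A hit on any single trait is a reason to look closer, not a verdict; legitimate mail also carries attachments and third-party links.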
A few other things to keep in mind when evaluating potential phishing scams:
● If it seems too good to be true (“Click here to collect your free membership”), then it probably is
● If Bob from accounting always calls you when requesting information, but randomly sends an email requesting something sensitive one day, it may be a (spear) phishing scam
● If it actually was extremely important and/or urgent, the person requesting the information would probably call you
You should of course always consult with your information-technology, cybersecurity, or managed-service provider representative in the event of any possible phishing threats.
Sources:
- National Institute of Standards and Technology (NIST)
- Verizon Data Breaches Investigations Reports
- Symantec Internet Security Threat Reports