Phishing is a major security threat for modern businesses. Knowledge of what is and isn’t a phishing email varies, and many employees are at risk of falling foul of malicious emails.
Check out these brief pointers to help employees discover what’s legitimate and what isn’t when it comes to their inbox.
Check the address
It may sound obvious, but is the email address one you recognise? Take a look at the domain name. If it varies slightly from the usual, then think spam.
Often cyber criminals will try to mirror official websites by setting up dummy accounts, hoping to dupe the recipients into providing data and/or money.
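The domain check described above can also be automated, for example in a mail gateway rule or a reporting tool. The Python sketch below is an added example, not part of the original article; the allowlisted domains, the character-swap table and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist: domains this organisation normally hears from (assumption).
KNOWN_DOMAINS = {"example.com", "examplebank.co.uk"}

# Digit-for-letter swaps commonly used to imitate a domain visually.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    return addr.rpartition("@")[2].lower().rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return 'known', 'lookalike:<imitated domain>' or 'unrecognised'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrecognised"
    # Exact match, or a genuine subdomain of a known domain.
    if any(domain == good or domain.endswith("." + good) for good in known):
        return "known"
    normalised = domain.translate(SWAPS).replace("rn", "m")
    for good in sorted(known):
        if (normalised == good                              # examp1e.com
                or domain.startswith(good + ".")            # example.com.other.net
                or edit_distance(domain, good) <= max_distance):  # exampel.com
            return "lookalike:" + good
    return "unrecognised"


if __name__ == "__main__":
    for header in ("Example Bank <billing@examp1e.com>",   # constructed samples
                   "IT Support <it@example.com.secure-login.net>"):
        print(header, "->", classify_sender(header))
```

A fixed distance threshold produces false positives for very short domain names, so treat a "lookalike" result as a prompt for review rather than an automatic block.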
What info are they providing you with?
Even a sophisticated phishing email is unlikely to have used your full name or provided an account number or other specific details. So if your team receives an email from an unrecognised account which doesn’t feel right, remember that a genuine email will likely use specific details (think full name, customer orders, PO numbers, etc.).
Does the email in question visually match the emails you’ve had from a company previously? If not, approach with caution.
Phishing emails could replicate the look and feel of a big brand (such as a bank or major corporate) but they’re unlikely to get it right. If it’s not a polished-looking piece of email marketing, be wary.
Generally speaking, phishing emails aren’t always the most well-written pieces of content. If the text doesn’t read well, is littered with punctuation mistakes or spelling errors, or something just doesn’t add up, then this is something any IT department would want to be made aware of.
Make sure employees know how to report any issues quickly before they make their way across your organisation.
Are you looking to take the next steps to securing your IT infrastructure against a phishing attack?
Our Citadel Phishing-as-a-Service options enable companies to safeguard their IT infrastructure against cyber criminals. In particular, our service highlights include:
- Simulated phishing emails to designated employees
- Monthly, Quarterly or Annual Phishing service
- Fully managed phishing campaigns
- Flexible recipient / elastic on a per-user basis
- Helps to train users to spot phishing
- Report detailing results
- Helps to steer cyber training decision making
- Supports compliance