How to stop and avoid phishing emails

Our partners at Sophos have put together some data and guidance on phishing that we are sharing here – and it’s not the catch-and-release kind of fishing most of us are used to.

Phishing is a big issue that we all need to be aware of – and play our part in stopping. It affects your organization, and it affects your personal life too. Cyberattacks are more prevalent than ever, and attackers are getting ever more creative at finding ways around cybersecurity defenses.

Phishing is an attempt to trick you into doing something to benefit the crooks, usually through email.

In a recent survey of 3,100 companies across 12 countries, 68% said they had been the victim of a cyberattack that breached their network. That is two in three organizations hit by a cyberattack. It’s a huge issue – and we are all part of the solution.

The survey also revealed that 91% of organizations were running up-to-date cybersecurity at the time of the attack. So despite having protection in place, the attackers were able to find a way through.

And this is where phishing comes in. Phishing is one of the most common ways attackers get past a company’s defenses: rather than breaking the technology, they trick an employee into opening the door for them.

Overwhelmingly, cybercriminals are interested in money. Either they’ll extort money from you or the company using ransomware or social engineering, or they’ll steal data and credentials that can be sold on the dark web.

And what started as simply “phishing” has evolved into two main variants – mass phishing and spear phishing.

Mass phishing attacks target you as an individual: your data, your money, your credentials.

These attacks are largely opportunistic. They take advantage of a company’s brand name to lure that brand’s customers to spoofed sites, where they are tricked into parting with credit card details, login credentials and other personal information that is later resold for financial gain.

• Typically impersonal batch and blast emails

• They’re focused on stealing personal data, such as login credentials that can be sold on the dark web

The other kind of threat is spear phishing, where emails impersonating a specific sender or trusted source are sent to targeted individuals within an organization to get them to take a particular action, such as sending money to a fraudulent account.

These are usually harder to spot: the sender address is spoofed to look like the real thing, so that you reply or click without a second look. They particularly target businesses.

Ten Tell-Tale Signs of Phishing:

  • Just doesn’t look right – something feels off, so trust your instincts
  • Generic salutations – “Dear Customer” instead of your first name
  • An official-looking site asking you to enter sensitive data
  • An unexpected email that contains specific details about you
  • Unnerving wording designed to scare you into acting
  • Poor grammar, spelling or punctuation
  • A sense of urgency
  • “You’ve won the grand prize”
  • “Verify your account” – always question why you are being asked to verify; there’s a good chance it’s a scam
  • Cybersquatting – a URL that looks correct at a quick glance: a zero instead of an o, .net instead of .org, and so on
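The spoofed sender addresses mentioned under spear phishing and the cybersquatting tell-tale above are the two signs that a machine can check as well as a person. The following is an added example, not Sophos code or part of the original article, that puts both checks into a small Python script: it takes a From header or a link, pulls out the domain, and reports whether it is a trusted domain, a lookalike (a zero for an o, "rn" for "m", a swapped top-level domain, a one-letter typo, or a trusted name buried as a subdomain), or simply unknown. The trusted-domain list, the homoglyph table and the sample addresses are all assumptions constructed for the example; the registrable-domain logic is deliberately naive (last two labels, no public-suffix list).

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for the example: the domains this organization actually uses.
TRUSTED_DOMAINS = {"example.org", "examplebank.com"}

# Character swaps commonly used in lookalike domains (not exhaustive).
# Multi-character entries go first so "rn" collapses to "m" before the
# single-character swaps run.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize_label(label: str) -> str:
    """Map lookalike characters back to the letters they imitate."""
    out = label.lower()
    for fake, real in HOMOGLYPHS:
        out = out.replace(fake, real)
    return out


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; catches one dropped, added or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Naive (no public-suffix list), which is
    enough for the .org/.com/.net cases in this example."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def classify_domain(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower().strip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    # Trusted name used as a subdomain of an attacker-controlled domain,
    # e.g. example.org.login-verify.com
    if any(host.startswith(t + ".") for t in TRUSTED_DOMAINS):
        return "lookalike"
    name = reg.rpartition(".")[0]
    for trusted in TRUSTED_DOMAINS:
        tname = trusted.rpartition(".")[0]
        # Same name once homoglyphs are undone (examp1e.org), the same name
        # on a different TLD (example.net), or a one-letter typo (exampl.org).
        if normalize_label(name) == tname or edit_distance(name, tname) <= 1:
            return "lookalike"
    return "unknown"


def classify_url(url: str) -> str:
    """Classify the host part of a link found in an email."""
    return classify_domain(urlparse(url).hostname or "")


def check_from_header(from_value: str) -> str:
    """Classify an RFC 5322 From header. Also flags a display name that claims
    a trusted brand while the actual address sits on an untrusted domain."""
    display, addr = parseaddr(from_value)
    domain = addr.rpartition("@")[2]
    verdict = classify_domain(domain)
    brands = {t.rpartition(".")[0] for t in TRUSTED_DOMAINS}  # example, examplebank
    claims_brand = any(b in display.lower().replace(" ", "") for b in brands)
    if verdict != "trusted" and claims_brand:
        return "spoofed-display-name"
    return verdict


if __name__ == "__main__":
    # Constructed sample headers and links for demonstration only.
    samples = [
        "Example Bank Support <support@examplebank.com>",
        "Example Bank Support <alerts@examplebank-secure.com>",
        "billing@examp1ebank.com",
        "IT Helpdesk <it@exarnple.org>",
    ]
    for s in samples:
        print(f"{check_from_header(s):22} {s}")
    for link in ["https://mail.example.org/login",
                 "https://example.net/login",
                 "https://example.org.login-verify.com/account"]:
        print(f"{classify_url(link):22} {link}")
```

The script only looks at what the user sees (the sender address and the link target); it does not replace SPF, DKIM or DMARC checks on the mail itself, and a real deployment would feed it the organization's full list of owned domains rather than the two assumed here.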

If you feel your organization needs help training employees to spot the signs of phishing emails, contact us. We have the tools to run a simulated phishing campaign that tests how well your organization recognizes these threats.