One of the modern age’s most prevalent problems is phishing. It is a type of cyberattack, involving emails that impersonate companies or individuals seeking sensitive information from unsuspecting people.
We’ve put together the following list by email sections, outlining key red flags to be aware of when scrutinizing emails. This can help you in a spear phishing attack (or any type of attack). Remember to remain cautious, even if the email appears to be from a familiar sender. While the information may seem overwhelming, we are committed to providing you with a comprehensive solution that your organization will greatly benefit from. Now you know when you get a suspicious email, to always look out for these red flags.
FROM section
Check if the sender’s email address belongs to someone you typically communicate with. Even if the sender’s name matches their signature, scrutinize the entire email address for any inconsistencies. Be cautious if the email is from an individual outside your organization and is unrelated to your job responsibilities. Pay attention to suspicious domain names, such as “micorsoft-support.com,” which may have subtle spelling errors. Always read domain names carefully. The email may come from sources that seem trustworthy, like a government agency (i.e. Social Security Office) or a financial institution like Bank of America. Scammers love using these for phishing scams.
TO section
Take note if you were carbon copied (cc’d) on an email along with unfamiliar recipients. It’s common to see this in phishing attacks. This is a significant red flag that warrants attention. Be wary if the email is sent to an unusual mix of individuals, such as a random assortment of colleagues with last names starting with the same letter or unrelated
Hyperlinks
Hover your mouse over any hyperlinks in the email to examine the destination address. If the link leads to a different website than indicated, this a telltale sign that something is off, and a very common attack, so exercise caution. It is advisable to manually search the first part of the domain name on Google, using spaces to prevent accidental navigation to the site. For example, if the link is “apleserviceprovider345.co,” search “aple service provider 345” on Google and review the top results from trusted sources.
Be cautious if the email only contains long hyperlinks without any additional information, and the rest of the email appears blank. Watch out for misspelled hyperlinks resembling well-known websites and legitimate companies, such as “www.bankofarnerica.com” (where “m” is actually two characters, “r” and “n”). Scrutinize links carefully, as our brains often fill in the gaps when reading familiar words.
Date and Time:
Be alert if you receive an email outside regular business hours that you would typically expect during working hours. This can be a phishing message. While this can vary depending on international clients or time zones, it is worth monitoring such occurrences.
Subject:
Pay attention to irrelevant or mismatched subject lines (like generic greetings) compared to the message content. Discrepancies like these can be indicative of a potential phishing attempt. Be cautious if the email claims to be a reply to a conversation you do not recall initiating. Verify your inbox to ensure the authenticity of the conversation.
Attachments:
Exercise caution if the sender includes an unexpected email attachment or if the attachment does not align with the email’s content. This is particularly true if the sender does not typically send this type of attachment. Be vigilant when encountering attachments with files types that are potential threats. Generally, .txt files are considered safe, but exercise caution even in such cases. If unsure, verify with the sender using alternative communication methods.
Email Content:
Beware of requests with a sense of urgency. Many times email attacks and online scams urge you to click on a link or open a malicious attachment to prevent negative consequences or gain something of value. When in doubt, contact the individual directly through a secure channel, such as a video call, to confirm the legitimacy of the request. Take notice of unusual emails, grammar errors, or spelling mistakes. While cybercriminals are becoming more proficient in their techniques, some may still exhibit linguistic inconsistencies.
Be cautious if the email asks you to perform illogical actions or requests that feel odd. Trust your instincts and refrain from opening suspicious links or attachments or giving out your credit card. Consult with colleagues and inform management if necessary. Never click on links or open attachments promising compromising or embarrassing pictures of yourself or someone you know. Immediately report and delete such emails.
Sometimes a social engineering attack can be an email with a gift card to a known place you are a patron of. Make sure to check your online accounts to spot if it is a phishing scheme.
The Ultimate Solution
We understand that retaining this information can be challenging. To address this, Networking Dynamics has partnered with KnowBe4, the world’s largest integrated platform for security awareness training and simulated phishing. KnowBe4 Security Awareness training offers an interactive and engaging way to educate your organization on these practices so they can protect themselves from all types of phishing attacks. Through monthly mini-games, videos, and other enjoyable activities, your team can retain this critical knowledge.
Moreover, you will gain access to simulated phishing exercises that resemble real phishing schemes. Choose from a range of templates that simulate differetn types of phishing attacks to evaluate your employees’ ability to identify common signs of cyber crimes effectively. KnowBe4’s success rate is atonishing. After a year of training they have reduced on average the amount of people that click on scam emails from 32.4% to 4.9%. That is one of the best success rates of the industry!
There is much more to discover about this program, and the best part is its affordability. Click the link below to schedule a call with us, where we can provide you with comprehensive information about the solution and its benefits.
