Phishing attacks are generally sent via email, and a lot are caught in your spam filter. But not all! A recent study showed that over 95% of phishing attacks in 2017 contained a nasty type of malware called ransomware, which encrypts your files until you pay the attackers a ransom in a cryptocurrency like bitcoin. This can be very disruptive: it can affect an individual or possibly your whole company, and may cost you days of work depending on your most recent backups, or much worse if you have not been keeping regular data backups.
Because these attacks come in the form of emails, it is critical that your employees are educated and tested regularly, especially since the social engineering and techniques of these emails have improved tremendously over recent years. In the meantime, here are four questions to ask yourself about each and every email that hits your inbox to determine if it may be a phishing scam.
1. Is it Urgent?
Phishing emails are typically written with a sense of urgency. They may say something like “Do this immediately” or “Respond within the next few hours.” This type of language should be a red flag, even if the sender is someone from within your company or someone you do business with outside of your organization.
2. Is It Grammatically Correct?
Phishing attacks often come from another country. If this is the case, the phrases may look weird and the grammar might not be 100% correct, although again, we have seen this improve tremendously over the years.
3. Is the Sender’s Email Address Correct?
If it’s a spear phishing attack – which is more targeted – the email might come from a source you know. Or it could come from a company you do business with. Because of this, it’s important to pay attention to the email address – to review it carefully and ensure its accuracy.
Is the name spelled wrong? Does it come from a weird domain? Are there numbers that aren’t normally there?
4. Is the Call To Action Normal?
Most phishing emails will ask you to do something – download an attachment, give up login information, provide personal or financial information. If this is the case, ask yourself if it’s normal. Is it traditionally the way this type of thing is handled? If not, you should think twice about carrying out any call to action.
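The sender checks in question 3 (misspelled names, odd domains, unexpected numbers) can also be automated in a mail filter or reporting tool. The Python below is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the function names are assumptions chosen for illustration.

```python
import difflib
import email.utils

# Assumption: domains your organization really corresponds with (constructed values).
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Digits often swapped in for look-alike letters: 0->o, 1->l, 3->e, 5->s.
DIGIT_TO_LETTER = str.maketrans("0135", "oles")


def sender_domain(address):
    """Return the lower-cased domain of 'Name <user@host>', or '' if there is none."""
    addr = email.utils.parseaddr(address)[1]
    _, at, domain = addr.rpartition("@")
    return domain.lower() if at else ""


def check_sender(address, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Classify a From address as ('ok' | 'suspicious' | 'unknown', reason)."""
    domain = sender_domain(address)
    if not domain:
        return ("suspicious", "no domain in sender address")
    if domain in trusted:
        return ("ok", "domain is on the trusted list")

    # "Are there numbers that aren't normally there?"
    normalized = domain.translate(DIGIT_TO_LETTER)
    if normalized != domain and normalized in trusted:
        return ("suspicious", f"digits substituted for letters; resembles {normalized}")

    # "Is the name spelled wrong?" Near-miss spelling of a trusted domain.
    for good in sorted(trusted):
        ratio = difflib.SequenceMatcher(None, domain, good).ratio()
        if ratio >= threshold:
            return ("suspicious", f"near-miss spelling of {good}")

    # "Does it come from a weird domain?" Not known, so review by hand.
    return ("unknown", "domain is not on the trusted list")


if __name__ == "__main__":
    # Constructed sample senders, not taken from real mail.
    for sender in ["Accounts <billing@examp1e.com>",
                   "IT Help <support@exampel.com>",
                   "Jane <jane@example.com>",
                   "Vendor <sales@partner.org>"]:
        print(sender, "->", check_sender(sender))
```

A check like this only flags candidates for review; an exact match on the domain does not prove the message is genuine, so the other three questions still apply.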
Nocserv provides regular security training to the staff of our clients and also conducts regular phishing tests to help ensure that your employees are vigilant and educated. For more information about our cyber security services, please visit our website at www.nocserv.com/security or give us a call at 713-524-1800.