Preventing phishing attacks during Covid-19 and Beyond.
Phishing is one of the most prominent of cybercrimes in existence. It is a criminal action where people try to trick others into donating to fake charities or services.
Covid-19 pandemic has made matters worse, and there has been a 667% increase in malicious phishing e-mails during the pandemic.
Luckily most email service providers like Google and Microsoft use machine-learning to block more than 99.9% of such e-mails from reaching potential victims, but it’s still important to understand how to identify and prevent phishing attacks.
Google Checklist Of Identifying Phishing e-mails
We take your cybersecurity seriously, especially since so many of us are now working remotely. This is why we’re sharing these five Google recommended checks you can take to protect yourself.
1. Is the Message Sent From a Free Email Service?
No legitimate company organization will contact you with a free email address like Gmail or Hotmail. Individual consultants may do so, but not companies offering products or financial services.
Always check the domain name to make sure that it matches the email address of the sender. If it doesn’t, the message is probably a scam.
To be really sure, also look at the actual e-mail address in the from line of the email.
Addresses like firstname.lastname@example.org or email@example.com are often used in phishing attacks; it’s important to remember that these companies would never use company names before the @ symbol.
2. Check The Domain Name
Anyone can buy a domain name, and there are many ways to create addresses that look real and similar to legitimate companies. For example, www.shop.amazon.com or www.payments.paypal.com The best scammers will also misspell the names of even some of the world’s most well-known corporations to trick people.
3. Poorly Written Email?
Scamming e-mails will often have poor spelling and incorrect grammar. This is usually because many of the cybercriminals are from non-English-speaking countries.
Scammers can easily use spelling correction, but it’s much harder to automate grammar correction – especially in the English language. Also question emails where the context is wrong.
4. Does the e-mail include suspicious attachments or strange links?
Phishing e-mails come in many forms, but the one thing they all have in common is that they either have an infected attachment containing a malware download or a link that opens to a page requesting sensitive and personal information.
Documents can be fake invoices, letters from government offices, that, once opened will install malware on your computer and steal or damage your data in a number of ways.
The number one rule is to never open an attachment unless you are fully confident of where it’s coming from. Also be weary of pop-up warnings about document integrity or asking you to adjust your computer settings.
If you’re still in doubt, hover your mouse over the link in question. If the link doesn’t end in a legitimate company name or looks questionable at all, don’t click on it.
5. Does the email create unnecessary urgency?
Scammers like to make their prey ‘act now’ by creating a sense of urgency. They can do this by sending a final demand for an unpaid bill, or by threatening to suspend services like PayPal or Netflix.
Another method is where false email messages are used from managers in the workplace. Scammers know that employees will open emails and click without thinking when they see high pressure emails from senior management.
Your workplace cybersecurity strategy should encourage employees to stop and assess emails like these. This may sound like an overreaction, but it’s better to be safe than sorry.
Awareness Is The Best Prevention
Spam filters will never be 100% impenetrable. Research shows that human error in judgement will always be a factor. This is why education is critical when it comes to phishing prevention.
Make sure that every member of your team understands the red flags of phishing scams. Encourage vigilance for questionable emails and texts and remind them to stop and think before they click. Help them to understand all the points mentioned above so they can apply best practices and stay safe.
Contact us today, so we can run a free report to see how protected your business is.