
Top 4 Tips On How To Stop Phishing Emails


Think twice, click once.

Like anything valuable, your personal information is of interest to thieves. With so much of this data stored online today, understanding how to protect it is more important than ever.

In many cases, one of the biggest threats to our data is phishing emails. For those who may be unaware, phishing is a digital attack designed to trick an individual into revealing sensitive information by way of a link.

Just what is it about these campaigns that draws people in? Most commonly, they are sent as urgent messages from addresses that look trustworthy and are nearly identical to real ones. A message may appear to come from an individual or company the receiver would ordinarily communicate with. Cybercriminals operate this way to prey on your vulnerability. The attack aims to trick people into speaking or interacting with them. They communicate in a way that seems as though it would remain confidential but, more often than not, leads to a bug entering your computer. A common example of a phishing attack is a message framed as a colleague sending an unusual link that you are urged to click. Many of us may fall prey to a scheme like that, but it is no different from an obvious scheme, like those “click NOW to collect your prize” messages.

Time and time again, experts say these emails will have a sense of urgency, making us more likely to click. These links offer an attacker access to your computer, so getting you to click or enter information will always be the email’s priority. Additionally, the subject lines of these emails typically contain command words that immediately draw our attention.

They could start with the word “IMPORTANT” in all capital letters or any other immediate call-to-action phrase. This was a popular campaign at the height of the COVID-19 pandemic, largely because hackers preyed on employees who regularly received emails on changing office protocols or demands.

Since email phishing has become a concern for employers, KnowBe4 has created a list of the Top 10 Most-Clicked General Email Subject Lines in the past quarter, all of which could have easily led to a ransomware attack. They include:

  1. Password Check Required Immediately
  2. Revised Vacation & Sick Time Policy
  3. COVID-19 Remote Work Policy Update
  4. COVID-19 Vaccine Interest Survey
  5. Important: Dress Code Changes
  6. Scheduled Server Maintenance — No Internet Access
  7. De-activation of [[email]] in Process
  8. Test of the [company name] Emergency Notification System
  9. Scanned image from MX2310U@[[domain]]
  10. Recent Activity Report

Now that you’re aware of the top techniques hackers use to manipulate emails, you should also learn how to spot-check legitimacy when your instinct tells you something isn’t right.

Top 4 Tips On How To Stop Phishing Emails:

  • Look for misspellings in the email address – specifically your colleague’s name and the email domain after the @ symbol.
  • Glance at the time the email was sent – was it during non-work hours?
  • Does the email have an unnecessary urgency to it?
  • Did it come from someone you don’t typically work with, and does it contain a request that does not pertain to your role?
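
The four checks above can also be applied automatically as a first-pass filter on incoming mail. The following Python code is an added example, not part of the original article; the trusted domain, known-sender list, work hours, urgency words and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
# Assumed values, constructed for this example: adjust to your organization.
TRUSTED_DOMAINS = {"example.com"}
KNOWN_SENDERS = {"dana.lee@example.com"}
WORK_HOURS = range(8, 18)  # 08:00-17:59, in the timezone of the Date header
URGENT_WORDS = {"important", "immediately", "required", "urgent", "now"}

def edit_distance(a, b):  # Levenshtein distance, to spot near-miss domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_email(raw):
    """Return which of the four tips a raw message trips."""
    msg = message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1].lower()
    domain = address.rpartition("@")[2]
    flags = []
    # Tip 1: domain is close to, but not exactly, a trusted one.
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        flags.append("lookalike-domain")
    # Tip 2: sent outside work hours or on a weekend.
    date_hdr = msg.get("Date")
    sent = parsedate_to_datetime(date_hdr) if date_hdr else None
    if sent and (sent.hour not in WORK_HOURS or sent.weekday() >= 5):
        flags.append("off-hours")
    # Tip 3: urgency words in the subject line.
    if URGENT_WORDS & set(re.findall(r"[a-z]+", msg.get("Subject", "").lower())):
        flags.append("urgent-subject")
    # Tip 4: sender is not a usual correspondent.
    if address not in KNOWN_SENDERS:
        flags.append("unfamiliar-sender")
    return flags

# Constructed sample messages (headers only), not real traffic.
SUSPICIOUS = ("From: Dana Lee <dana.lee@examp1e.com>\n"
              "Date: Sat, 13 Mar 2021 02:14:00 -0500\n"
              "Subject: Password Check Required Immediately\n\n")
ROUTINE = ("From: Dana Lee <dana.lee@example.com>\n"
           "Date: Tue, 16 Mar 2021 10:30:00 -0500\n"
           "Subject: Notes from this morning's meeting\n\n")
print(check_email(SUSPICIOUS), check_email(ROUTINE))
```

A flag is a prompt for a closer look, not a verdict: a legitimate colleague can send an urgent message late at night, so the checks are most useful in combination.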

Protecting both personal and professional data is possible through diligent efforts by all parties involved. Teach your employees the best practices for spotting suspicious emails so that you don’t fall prey, and learn how to stop phishing emails. PrestigePEO can help guide you through HR management, including security awareness training!

Resources:

https://blog.knowbe4.com/infographic-q1-2021-users-savvy-to-covid-19-phishing-scams

https://www.tessian.com/blog/phishing-statistics-2020/
