Phishing is one of the biggest threats facing companies today, both in terms of network security (95% of attacks are the result of successful phishing) and financial losses (companies have lost more than 2 billion to scams over the past two years). Fortunately, user education can help reduce the risk of these scams. The more users know that these types of attacks exist, the more examples they see, and the more advice they receive on identifying them, the less likely they are to fall victim.
Let’s look at some common types of phishing attacks, along with instructions on how to spot them.
Does the email address look suspicious?
I would argue that the most important first step in identifying a phishing email is looking at the source. Before you dive into the email's content, take a step back and see who sent it.
If you do not know the sender, look closely at the address. And I don't mean just the display name; look at the actual address and domain too. Does it look suspicious? Of course, “suspicious” is very subjective, but some common red flags include misspelled words.
See the example email below.
The sender’s name was repeated and did not match the email address, and I did not recognize the domain name. I am immediately skeptical and would not click on anything in that email. However, if I had not checked the address, I might have been caught up in the urgency of the message: ignore them and my laptop becomes “forever inaccessible”? But that is what the hackers want you to think. They are playing on your emotions to distract you from the indicators that it is a fake email.
What’s in the email? Are you expecting it?
OK, so what if you receive an email from a stranger, but the sender’s address does not raise any red flags? Depending on your role and the type of company you work for, it is not uncommon to receive legitimate emails from new contacts.
Instead of listing ways to find out if these emails are legitimate (it largely depends on the situation), it may be more helpful to point out a few things you should carefully consider. I will use the following email I received as an example.
This email set off my phishing radar. I have no contact with the company and I did not order anything from them. There is no way I am downloading that attachment.
This may seem obvious from an external point of view, but it comes down to a simple question: “Was I expecting this email?”
Other tips for spotting phishing emails from unknown senders
In the example above there are several other red flags that indicate a phishing email. Keeping an eye out for these types of indicators can help you identify malicious emails before you become a victim.
Check for digital signatures
It’s no secret that we recommend digitally signing all company emails. A digital signature on an email binds a person’s third-party-verified online identity to their email communication. This means that if you receive a digitally signed email from someone you know, you can trust that the email came from them rather than from a phisher.
How can you tell if an email is digitally signed?
Most enterprise email clients indicate if the email is digitally signed. For example, Microsoft Outlook shows a red ribbon.
Always check the link before you click
Phishers like to hide malicious links behind hypertext. You should always check the destination address before clicking on anything (for example, by hovering your mouse over it). In the earlier virus example, you’ll see links to a suspicious URL, “http://globalsign.uk.virus-control.com/…”, which is not a valid GlobalSign web property.
Check any attachment
As I said above, take a step back and ask yourself if it makes sense for this person to send you this type of file. You received an email from “HR” about your company’s new health insurance plan with an attached PDF … when you know you changed plans just a few months ago? Applying this kind of logic can go a long way in countering these types of targeted attacks.