If you only read one of our security awareness training articles, read this one. It’s the blockbuster piece. If all else fails in your organization, at least get your employees to think critically of what is being asked of them in emails and take action. It will greatly reduce your security risk.
These are some of the common characteristics of phishing emails. Train end users how to recognize phishing emails and not to engage – don’t click, don’t reply. Develop a policy around what they should do if they receive a phishing email, such as deleting the email and reporting it.
Spoofed Emails
Threat actors are monitoring your email system. They are looking for patterns in your organization: who sends emails to one another? Who sends wire transfers? They can easily source email addresses from your company website or even from .xls or .pdf documents via a google search on your company domain. Your email and those of your peers are out there. Therefore, you can’t trust anything sent via email without analyzing it first.
Urgency Is the Reddest Red Flag
Any email that says, “login immediately,” “click here now” or “action required” is bogus. Nothing via email is urgent – that’s the whole point of email – it waits for the user to be ready for it. Manufactured urgency is one of the easiest ways to get a user to stop thinking critically and mindlessly click. Be wary of an email requesting immediate attention. If it was that important, they would have called you or walked over to your desk.
More Info: what kind of jobs can you get with comptia a+ certification
These are some of the common characteristics of phishing emails. Train end users how to recognize phishing emails and not to engage – don’t click, don’t reply. Develop a policy around what they should do if they receive a phishing email, such as deleting the email and reporting it.
Spoofed Emails
Threat actors are monitoring your email system. They are looking for patterns in your organization: who sends emails to one another? Who sends wire transfers? They can easily source email addresses from your company website or even from .xls or .pdf documents via a google search on your company domain. Your email and those of your peers are out there. Therefore, you can’t trust anything sent via email without analyzing it first.
Urgency Is the Reddest Red Flag
Any email that says, “login immediately,” “click here now” or “action required” is bogus. Nothing via email is urgent – that’s the whole point of email – it waits for the user to be ready for it. Manufactured urgency is one of the easiest ways to get a user to stop thinking critically and mindlessly click. Be wary of an email requesting immediate attention. If it was that important, they would have called you or walked over to your desk.
More Info: what kind of jobs can you get with comptia a+ certification
No comments:
Post a Comment