7 INDICATORS OF PHISHING EMAILS
According to Deloitte, 91% of all attacks begin with a phishing email to an unsuspecting victim and 32% of all successful breaches involve the use of phishing techniques. The best defense against phishing is to train employees on the warning signs.
Failure by a sophisticated corporation to train its employees on cyber hygiene and social engineering tactics, which includes phishing, may be grounds to sustain claims for negligent supervision and training practices following a breach. Furthermore, cyber insurers are expected to increase premiums and/or deny cyber insurance coverage to those companies without adequate cyber hygiene and employee training.
For the benefit of your business, teach employees these 7 indicators of phishing emails to lower the risks of a successful cyber-attack:
1. Email Address is Inconsistent with Sender’s Name
Verify the email sender by hovering over the display name and email address. Example: Name attached to the email address is “MOM” but the email address is XYZABC@GUERRILLAMAIL.COM. It is highly doubtful an employee’s 67 y.o. mother has a guerrilla mail account. Attackers usually spoof display names to look like it is coming from a legitimate person, but it can be determined by checking the display name for authenticity. Often, email addresses can be spoofed. If you receive an email with an unexpected attachment, call the sender to confirm the authenticity before opening the attachment.
2. Generic Greeting:
“Dear Customer” or “Dear Member” or “Dear Sir/Ma’am” as opposed to your name or an appropriate salutation such as “Mr./Ms./Mrs./Dr.” or rank for military personnel.
3. Demanding Urgent Action:
Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." Fraudsters try to create fear and an urgency to react to override an otherwise prudent sense of caution.
4. Weird File Extension
Prior to LockBit ransomware, image files (.png and .jpg) were considered safe to open. While still a rare sign of danger, be very wary of any executable files (ending with .exe) or any files that end with an “m” such as docm. pptm, and .xlsm. Additional file extensions to avoid include .jar, .cpl, .com, .bat, .msi, .js, and, .wsf. If you receive an email with an archive extension like .7z, .rar, or .zip, and it asks to enter a password to open, it may be suspicious.
Often, an accountant or mortgage broker will now send private financial documents through secure portals as opposed to the antiquated method of requiring a password to open such materials. The general rule remains that unless you are expecting an attachment from a sender, do not open it.
5. Requests for Credentials
Emails should almost never request credentials for an account or direct the same to a website without offering a contact number to verify the authenticity of the request. Bad actors often seek to confuse individuals into entering Office360 and Microsoft Teams login information into fake portals as opposed to using password spraying.
6. Coupons, Refunds, or Fake Invoices
Receiving a coupon or a refund from a retailer that you never signed-up to receive correspondence from or an invoice from an unknown sender is an indication of malice.
7. Content Errors
Prior to opening any attachments, check the email and subject line for grammatical errors and content. Often, the signature block will also lack a legitimate phone number or legitimate email extension. If you google the email address, sometimes it will return search results reporting it as spam.
While training to spot phishing attempts is extremely important, remember to evaluate your office for physical security concerns and consider additional internal policies to better protect network integrity.