What is Phishing? How do I spot it?
Phishing is not a new phenomenon – it has been the most common attack vector for cybercriminals for many years. With the increasing complexity of phishing scams, knowing how to spot a phishing email has become more important than ever.
In spite of advances in anti-virus protocols and detection technology, these attacks continue to increase in number and impact. Everyone is a target in today’s cyberwar climate but, by educating your workforce about how to spot phishing and deal with phishing attacks appropriately, today’s targets can become the primary defense sentinels of the future.
How to Spot a Phishing Email Begins with Knowing: What Is a Phish?
The first step in spotting a phishing email is understanding what a phishing email is. The most accurate definition of a phishing email is an email sent to a recipient with the intention of making the recipient perform a specific task. The attacker may use social engineering techniques to make their email look genuine, and include a request to click on a link, open an attachment, or provide sensitive information such as login credentials.
Socially engineered phishing emails are the most dangerous. These are constructed to be relevant and appear genuine in their targets' inboxes. The recipient is more trusting of the email and performs the specific task requested in the email. The results can be devastating. If the recipient clicks on a link to a malware-infected website, opens an attachment with a malicious payload, or divulges their login credentials, an attacker can access a corporate network undetected.
Why Are Socially Engineered Phishing Emails So Effective?
In the rush to get people working remotely, not every employee was able to take a company laptop home. In some cases, the company laptop failed during the stay-at-home period. This forced employees to use personal devices to connect to the company network. Scan the network to identify new or unknown devices.
“If You See Something, Say Something”
Conditioning employees to spot and report suspicious emails – even when opened – should be a workforce-wide exercise. The chances are that if one of your employees is the subject of this kind of attack, other employees will be as well. “If you see something, say something” should be a permanent rule in the workplace. It is essential that employees have a supportive process for reporting emails they have identified or opened.
The reporting of potential phishing attacks and opened suspicious emails enables security personnel to secure the network quickly, mitigating the risk that a threat will spread to other areas of the network and minimizing disruption. It is also a good practice to identify which employees spot actual phishing emails. The information can be used to prioritize action when multiple reports of a phishing attack are received.