Here is Tip #6 for National Cybersecurity Awareness Month: Don’t open that email.
Pretty much everyone by now knows about email phishing, but even though we know about it, it’s still a major risk.
In 2019, 90% of surveyed organizations faced spear phishing attacks, and 86% reported dealing with business email compromise (BEC) attacks. BEC is when an attacker impersonates an organization’s executive to trick the company and its customers, partners and/or employees into sending money or sensitive data to the attacker’s account.
Steps you can take
Set up a spam filter to catch as much as you can, but be aware that no filter will catch them all.
Educate your team. And then educate them again. Run tests with a cyber expert to find holes in that training.
Here are five easy ways to identify a phishing attack:
- Look at the “from” address. Be sure you recognize it, and look closely. Then take a second look at the domain name (that’s the name after the “@” symbol). Make sure it’s spelled correctly. Many email solutions will label outside email as “External,” and these emails should be vetted even more closely.
- Make sure that the Reply-To address matches the From address of the sender; if it doesn’t, the email may be spoofed.
- Make sure the sender is who they say they are. This is done by using out-of-band communication to contact the claimed sender. In other words, DO call your brother and make sure he actually sent you that cat video before you click on the link in the email, and DON’T email him back and ask if it is him; the attacker will always reply “yes.”
- Check that the message is well composed with the grammar and spelling you would expect from the sender, whether it’s your boss, your brother or your bank.
- Triple-check all email links before you click on them by hovering your mouse over the link (without clicking on it), because your email application will show its actual destination. Look at the domain and be sure it is what you would expect. Misspelling a domain is a very common tactic (microsft.com vs. microsoft.com). At a glance they look the same, but one will take you to Microsoft, and the other will take you somewhere you don’t want to go.
- If you’re still not sure, ask IT (don’t forward) and do not open it. Or contact the alleged sender through a different method to confirm it’s from them.
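The sender, Reply-To, “External” and hover-the-link checks from the list above can also be run mechanically as a triage step before anyone clicks. The script below is an added example, not part of the original post or any vendor product; the trusted domain list and the sample message are constructed assumptions for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the reader expects mail and links from (an assumption for this example).
TRUSTED_DOMAINS = {"microsoft.com"}
# Constructed sample message, not from the original post; it trips every check below.
SAMPLE_EMAIL = """From: "IT Support" <helpdesk@microsft.com>
Reply-To: payments@mailer.example
Subject: [External] Password reset required
Content-Type: text/html; charset=utf-8

<p>Please <a href="http://login.microsft.com/reset">reset it at microsoft.com</a> now.</p>
"""

def addr_domain(header_value):
    """Lowercased domain of an address header such as 'Name <user@host>' ('' if absent)."""
    return parseaddr(header_value or "")[1].rsplit("@", 1)[-1].lower()

def lookalike_of(domain):
    """Trusted domain that `domain` closely resembles without matching it (microsft vs microsoft)."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def triage(raw):
    """Apply the post's checks to a raw RFC 822 message and return a list of findings."""
    msg = message_from_string(raw)
    findings = []
    sender = addr_domain(msg["From"])
    if lookalike_of(sender):                       # check 1: misspelled sender domain
        findings.append(f"sender domain {sender} resembles {lookalike_of(sender)}")
    reply = addr_domain(msg["Reply-To"])
    if msg["Reply-To"] and reply != sender:        # check 2: Reply-To points elsewhere
        findings.append(f"reply-to domain {reply} differs from {sender}")
    if "[external]" in (msg["Subject"] or "").lower():  # check 3: gateway tagged it External
        findings.append("message is tagged External")
    # Check 4: the "hover" test - where the link really goes vs the domain named in its text.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        base = ".".join(host.split(".")[-2:])      # simplification: last two labels, no suffix list
        if lookalike_of(base):
            findings.append(f"link host {host} resembles {lookalike_of(base)}")
        for named in re.findall(r"\b[a-z0-9.-]+\.[a-z]{2,}\b", text.lower()):
            if host != named and not host.endswith("." + named):
                findings.append(f"link text names {named} but points to {host}")
    return findings
```

Running `triage(SAMPLE_EMAIL)` reports all five findings; a message from a trusted domain with no Reply-To mismatch and honest links returns an empty list.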