It might be a new year, but that doesn’t mean the business world has finally rid itself of phishing. As a matter of fact, the sending and receiving of malicious emails will only get worse. Hackers will grow richer and businesses will suffer deeply.
So what can you and your staff do to protect yourself inside your inbox? Quite a bit actually, and it’s all very simple. Here are a few quick tips to remember when you’re out there meandering through that inbox of yours.
Who sent the email? This is typically the very first thing people check, because the ‘who’ will usually determine what gets read first and what gets deleted before it’s even opened. However, when we tell you to verify the sender, this goes well beyond looking at an email address.
To verify a sender, you need to actually read over the email address. This is because ‘johndoe@soscanhelp.com’ looks awfully similar to ‘johndoe@soscanhlp.com’. You read that over too quickly, and of course, it will appear to be a legitimate email from John Doe, that friendly technician over at SOS. But unfortunately, that one letter can make the difference between someone you know and someone you don’t know.
What is the sender asking you to do? Are they asking you to download something? Click on a link? Send over information? Disclose sensitive data? Whatever the case might be, it’s important to confirm that the request makes sense.
Does this type of request usually happen through an email? Does this person even have the authority to make a request like this? Does it make sense that so-and-so from such-and-such company would want you to download something? Why would the sender provide you with a document rather than send you to a webpage or include the information inside the email? These are the types of questions you should ask yourself.
And it’s important to remember that even if the sender knows your internal processes, this does not mean the email is safe. As an example, check out this phishing attack involving Mattel back in the early months of 2016.
So there’s this thing called grammar. And most companies and business professionals are pretty decent at it. They use good grammar in formal and informal email communications, and they make sure that words are spelled correctly, capital letters are used, and periods are placed in all the right places.
This being said, you should always examine the actual contents of an email. Not just what the contents ask of you, but the way the contents are written. If you notice grammatical errors, it doesn’t automatically mean that the sender is a hacker from another country trying to take down your business. However, it should give you reason to further analyze other aspects of the email.
If you ever receive an attachment inside an email (or you’re asked to click on a link), you should always take a few moments to verify the attachment prior to downloading (or clicking). Sure, if the email comes from an employee or a client, there’s less reason to pause. However, this doesn’t mean there’s no reason to pause.
Oftentimes, a skilled group of hackers or cyber-criminals will pretend to be someone you know – like a coworker, partner, or client. And, really, this information is not hard to find out. It’s actually very easy. If you read that Mattel article from earlier, this is very clear. A group of hackers from across the world pretended to be an upper-level executive at Mattel, and it paid off… in the amount of $3 million.