System breaches, hacking successes and ransomware attacks are common items in the news today. Computer systems are under constant threat. IT specialists are often stretched beyond capacity to protect and maintain their systems. NXTsoft is here to help, by providing useful tools and assistance to your IT crew, and education for both your employees and customers.
There are many elements involved in protecting a computer system from attack. This article deals with the weakest link in that chain of protection: the user.
Perhaps the most common exploit against users comes through phishing emails. All it takes is a click to introduce malware into your system. One simple click can open the door to a ransomware attack and tens of thousands, or hundreds of thousands, of dollars in recovery costs. So what can a user do to minimize the chances of a successful phishing attempt?
1. Review the 'From' email address. Do you recognize that sender? Is it a person or organization you know and trust? Is it normal to receive emails from them? Remember, if someone has hacked their system, that address may be accurate, but the email payload may still be a threat.
2. Review the 'To' and the 'CC' addresses. If other addresses are included, do you know them? Are they a logical grouping based on your knowledge of the sender? Is it logical based on the message or request being sent?
3. What is the email about, and how is it worded? Many phishing attempts have very generic messages, or odd wording, or bad grammar, or misspellings. And what is the message itself? Is it asking for money, or information, or actions such as clicking on a link or opening an attachment?
4. Are there attachments to the email? If so, were you expecting one as part of an ongoing exchange? Almost any type of attachment these days could carry malware; the risk is no longer limited to just ‘.exe’ or ‘zip’ files. Far better to use a common, shared network parking zone for file swaps within a company, or encrypted services to move them outside.
5. Are there links in the email? Links are also a huge opportunity for malware. A link may be labeled one thing but actually redirect to a different site. Were you expecting a link as part of an ongoing conversation? Whenever possible, it is safer to include information in the email itself rather than rely on links to direct others to a different site. You can always use your own previously set bookmarks/favorites, or search on the company name in a browser, to go to a site rather than click the link provided in the email. And you can always try to call the other party to confirm before proceeding. The more common it is to use links, the more likely users are to mistakenly accept and click on a phishing link.
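For IT staff who want to automate checks 4 and 5, here is an added example (not part of the original article and not NXTsoft's tooling) that parses a raw message, lists its attachments, and flags links whose visible label names a different host than the real destination. The names review, LinkCollector and host, and the sample message, are assumptions made for illustration; the label check is a heuristic and will not catch every disguised link.

```python
# Added illustration, not code from the article; names below are hypothetical.
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

HOST_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
def host(value):  # lower-case and drop "www." so trivial variants compare equal
    return re.sub(r"^www\.", "", value.lower())

def review(raw_bytes):
    """Return findings for attachments (item 4) and mislabeled links (item 5)."""
    findings = []
    for part in email.message_from_bytes(raw_bytes, policy=policy.default).walk():
        if part.get_filename():
            findings.append(("attachment", part.get_filename()))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                actual, shown = host(urlsplit(href).hostname or ""), HOST_IN_TEXT.search(text)
                if shown and actual and host(shown.group(0)) != actual:
                    findings.append(("link-mismatch", f"{host(shown.group(0))} -> {actual}"))
    return findings

# Constructed sample; every name and domain is a placeholder.
SAMPLE = (b'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\nContent-Type: text/html\n\n'
          b'<a href="http://login.example.net/x">www.examplebank.example</a>\n--b1\n'
          b'Content-Disposition: attachment; filename="invoice.docm"\n\nAAAA\n--b1--\n')

if __name__ == "__main__":
    print(review(SAMPLE))
```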
So your takeaways:
First: Review the sender address
Second: Review the receiver addresses
Third: Review the email itself for generic wording, bad grammar, unusual or odd wording. Be especially aware of requests for sensitive information, funds, or urgent actions.
Fourth: Beware of attachments
Fifth: Beware of links
We here at NXTsoft hope these 5 ways to spot a phishing email will help you in your quest for safe computing.