Targeting employees is one of the easiest methods a hacker can use to attack a company. Cyber-security awareness and preparedness are imperative to businesses both large and small. You do not want one of your employees to be the weak link in your efforts to protect against a cyber-attack.
Whether it is a highly sophisticated attack or a hacker just looking to make a quick buck or wreak havoc with someone’s computer system, data breaches are all around us. Today’s threats are as vast and far-reaching as the Internet itself, and companies must remain vigilant in protecting against them. Email attachments and links can be a quick and effective means of launching a computer security attack, and there are many ways one of your employees can be tricked into activating a hacker’s attack vehicle.
Phishing emails, which use bait in hopes of getting the recipient to click a link, open an attachment, or divulge sensitive information, are becoming more common and more sophisticated. These emails are often an attempt to gain personal and financial information that can then be used for fraud or identity theft. Or they may be aimed at obtaining company information that can be used to launch a more sophisticated attack. Sometimes a link can contain malware that can not only disrupt your computer operation, but can also gather information to report back to the phisher.
It is important to train your employees on how to recognize—and avoid—the bait.
One difficulty with phishing emails is that they often look legitimate and appear to be from a trusted source. A safe rule of thumb: always think before you click a link or open an attachment in an email.
Here are some tips on how to spot a problem email:
- Validate the sender. Check to see whether the sender’s address and name match the purported sender. If it is an email from a major retailer, does the email address contain additional letters, or is the retailer’s name misspelled?
- Don’t be fooled by graphics. Phishers will use official looking graphics taken from legitimate websites to trick you into clicking on a link.
- Pay attention to incorrect content or information. For example, is the email a purchase confirmation for a purchase you know you did not place? If so, it might be a scam.
- Be suspicious of links and attachments. Links and attachments may be designed to solicit passwords, install malicious software on your computer, collect data, or direct you to a phony scam site—among other things.
- Watch out for threats and warnings. Phishers will often employ the use of threats or warnings in order to make you react before you think. For example, by including a message that your account will be deactivated unless you click on a link to verify your information. Legitimate emails typically do not contain threats.
- Watch for misspelled words and poor grammar. Cyber-criminals commonly use poor grammar and spelling. If you notice these types of mistakes in an email, it may be a scam.
- Don’t let personal information or details fool you. Inclusion of personal information does not make an email legitimate. Phishing schemes are becoming more sophisticated and often use personal information and content in a targeted email. Personal details, along with seemingly legitimate logos and formatting, are all part of the hacker’s effort to bolster the authenticity and make you click before you think.
Make sure your employees know not to click on links or attachments in suspicious email. Instead, direct them to contact your IT department or Information Security Officer to investigate the email.
Educating your employees on email risks and how to detect suspicious emails is one step toward protecting your organization from the growing threat of cyber-crime.
For additional information, or if you need assistance with an information security plan, Stites & Harbison’s Privacy & Data Security Group can help.