8 Best Practices To Avoid A Phishing Scam


It’s Monday morning at the office and you are finishing your cup of tea while going through the weekend emails. You reply to Chris’ inquiry and save the draft that Sue sent over. Then you come across a strange but official-looking email. You don’t recognize the sender, but the subject line reads: Invoice: 97303 Confirm Shipment.

Should you open the email? The preview shows a link that reads “tracking for your order.” Should you click on it? Wait, did you order anything? Should you ignore it? Delete it?

The best defense against phishing attacks is a smart user.

The term phishing might sound like a summertime hobby, but it is very dangerous. Attackers send a carefully crafted email in the hope of tricking you into clicking on something or handing over personal information. Malicious links, malware, and scams are the bait, and you (unknowingly) are the “fish.”

I've put together some simple dos and don’ts to follow when dealing with email, attachments, links and forms.

1. Do understand this happens quite often

Unfortunately, crafting these legitimate-looking emails and mass-mailing them to company address lists is a criminal business, and a busy one.

Scammers target particular audiences based on the information they want to gain. It isn’t uncommon to receive a fraudulent email that tries to solicit money, credit card details, usernames, or passwords.

Often, the link leads to a website that closely mimics the company it claims to represent. Scammers go as far as copying the logo and page layout so you don’t realize you are on their hook; as you enter your sensitive information, they are reeling you in. Before you click, hover over the link and compare the address it really points to with the text it shows: a lookalike site lives on a domain that is not the company’s, however convincing the page looks.

(Not sure how to spot one? See: How to recognize Phishing scam emails.)

Never submit details on a page you aren’t 100% confident in. Cut the line!
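The “hover and compare” check above can be automated for a whole message. The script below is an added example for this article, not code from its author: it walks the anchor tags in an HTML email body and flags the three tricks lookalike sites rely on, a visible address that differs from the real destination, a punycode host that a browser renders as a familiar brand, and a trusted company name buried in a subdomain of an unrelated domain. The sample body, the courier name, evil-tracking.net and the TRUSTED_DOMAINS set are all constructed for the demo.

```python
"""Flag links in an HTML e-mail body that point somewhere other than they appear to.

Added example for this article, not code from its author. The sample body,
the trusted-domain set and the courier name are constructed for the demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body, modelled on the shipment-notice phish in the article.
SAMPLE_HTML = """
<p>Your order has shipped. <a href="http://secure-login.example-courier.com.evil-tracking.net/t?id=97303">
tracking for your order</a></p>
<p>Or sign in at <a href="http://xn--pypal-4ve.com/account">www.paypal.com</a></p>
<p>Help: <a href="https://www.example-courier.com/help">https://www.example-courier.com/help</a></p>
"""

# Domains the organisation really deals with (assumed; replace with your own list).
TRUSTED_DOMAINS = {"example-courier.com", "paypal.com"}


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(text):
    """Lowercase host of a URL, or of bare text that looks like one ('www.x.com')."""
    candidate = text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlparse(candidate).hostname or "").lower()


def looks_like_address(text):
    """Crude test for visible link text that claims to be a web address."""
    t = text.strip().lower()
    return (" " not in t and "." in t) and (t.startswith("www.") or "://" in t)


def suspicious_links(html, trusted=TRUSTED_DOMAINS):
    """Return [(href, text, [reasons])] for every link that deserves a second look."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        # 1. Punycode label: the browser shows Unicode that can mimic a real brand.
        if any(label.startswith("xn--") for label in host.split(".")):
            try:
                shown = host.encode("ascii").decode("idna")
            except UnicodeError:
                shown = "(undecodable)"
            reasons.append(f"punycode host, browser renders it as {shown!r}")
        # 2. The visible text names one address, the href goes to another host.
        if looks_like_address(text) and host_of(text) != host:
            reasons.append(f"text shows {host_of(text)!r} but link goes to {host!r}")
        # 3. A trusted name appears in the host, but the registered domain is someone else's.
        for d in trusted:
            if d in host and not (host == d or host.endswith("." + d)):
                reasons.append(f"{d!r} embedded in an unrelated host {host!r}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_HTML):
        print(f"{text!r} -> {href}\n  " + "\n  ".join(reasons))
```

Of the three links in the sample, only the help link survives: its visible text and destination agree and it sits under the courier’s own domain. Note that the third check is deliberately conservative; it only knows the domains you list, so keep that list to the brands your staff are actually mailed by.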

2. Don’t forward the email to your colleagues

Forwarding the strange email to Bob in HR will not help. Warning your team verbally is one thing, but forwarding the message gives another employee the chance to click a link that now arrives from you, a trusted sender, which makes the situation worse. If your organization has a report-phishing button or a dedicated security mailbox, that is the one place the message should go.

The fewer the people who fall victim to phishing attacks, the better.

3. Do contact your friendly IT department

If you notice an increase in spam and phishing emails, let your friendly IT department know. They can investigate the email headers to determine a few things:

  • The domain (and mail server) it really came from, in order to block it
  • Who the recipients are (individual addresses or distribution groups)
  • If it was sent to a large number of users, in some environments hosted in-house they can delete the message from every mailbox that received it

(Cloud-hosted mail services vary: some give administrators a search-and-purge tool, others don’t, so ask your IT team what is possible in your environment.)
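What “investigating the headers” looks like in practice, as an added example that is not code from the article’s author: the script parses a constructed phishing message and pulls out the sender domain shown to the user, the bounce (Return-Path) domain the mail was really sent from, the recipients, the earliest hop in the Received chain, and the gateway’s SPF/DKIM verdicts. The domains corp.example, example-courier.com and evil-tracking.net and every address in it are placeholders.

```python
"""Pull from a suspicious message's headers the facts the IT department is after:
where it really came from, who received it, and what the gateway's checks said.

Added example for this article, not code from its author. The message below is
constructed; corp.example, example-courier.com and evil-tracking.net are placeholders.
"""
import re
import email
from email import policy
from email.utils import getaddresses, parseaddr

RAW_MESSAGE = """\
Return-Path: <bounce-97303@mail.evil-tracking.net>
Received: from mail.evil-tracking.net (mail.evil-tracking.net [203.0.113.5])
\tby mx.corp.example (Postfix) with ESMTP id 4F2A1; Mon, 1 Apr 2024 08:02:11 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby mail.evil-tracking.net with ESMTP; Mon, 1 Apr 2024 08:02:09 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail.evil-tracking.net; dkim=none
From: "Example Courier Billing" <billing@example-courier.com>
To: all-staff@corp.example
Cc: jane.doe@corp.example
Subject: Invoice: 97303 Confirm Shipment
Message-ID: <20240401080209.1234@mail.evil-tracking.net>

Your order has shipped. Click the tracking link to confirm.
"""


def domain_of(address_header):
    """Domain part of the first address in a header value, lowercased."""
    _, addr = parseaddr(str(address_header))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_headers(raw):
    """Summarise the headers an analyst checks before blocking or purging."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = domain_of(msg["From"])
    return_path_domain = domain_of(msg["Return-Path"] or "")
    recipients = sorted({addr.lower() for _, addr in getaddresses(
        [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])})
    # Each hop prepends its own Received header, so the last one is the earliest hop.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    origin = re.match(r"from\s+(\S+)", hops[-1]).group(1) if hops else ""
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           str(msg.get("Authentication-Results", ""))))
    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        # A From: that disagrees with the bounce address is the classic spoof signal.
        "envelope_mismatch": (from_domain != return_path_domain
                              and not return_path_domain.endswith("." + from_domain)),
        "recipients": recipients,
        "origin_host": origin,
        "auth": auth,
        # Block the infrastructure that sent it, not a spoofed brand domain you may
        # legitimately receive mail from.
        "block_candidates": sorted({return_path_domain, origin.strip("[]")} - {""}),
    }


if __name__ == "__main__":
    for key, value in triage_headers(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

The point of separating from_domain from block_candidates is the caveat in the list above: here the From: line shows a real courier’s domain, and blocking it would stop genuine invoices, while the Return-Path and the originating host are the attacker’s own infrastructure. The recipients list is what tells IT whether one person was targeted or a distribution group was hit.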

4. Don’t click on any .exe files that may be attached to the phish email

Not all attachments are harmful; their ordinary purpose is to carry documents or pictures along with the email. Common file types attached to emails are:

  • .exe stands for executable: a Windows program that runs code the moment you open it
  • .txt is plain text (scripts are sometimes sent as text, but a .txt file does not run by itself)
  • .pdf means portable document format and is used for documents
  • .jpeg means Joint Photographic Experts Group and is used for images
  • .zip is an archive format that compresses data and can hold any of the above, including an .exe
  • .xls and .xlsx are Microsoft Excel file formats (.xlsm is the macro-enabled variant)
  • .doc and .docx are Microsoft Word file formats (.docm is the macro-enabled variant)

As a rule of thumb, if you see an .exe (executable) attachment, do not run it. Running it installs whatever unwanted software, registry changes, or script it contains on your PC. Two caveats: Windows hides known extensions by default, so a file named Invoice.pdf.exe is shown to you as Invoice.pdf, and macro-enabled Office documents and .zip archives are just as popular with phishers as bare executables because they slip past the “never open an .exe” rule. Know the attachment types and you will be better prepared to handle them; when in doubt, don’t open it and hand it to IT.
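The extension list is only half the story, because the name an attachment declares and what its bytes actually are can disagree. The script below is an added example for this article, not code from its author: it builds a constructed phishing message with four attachments and triages each one by extension (executable, double extension, macro-enabled Office, archive) and by the file’s leading bytes, so a “PDF” that really starts with the MZ signature of a Windows executable is caught. The attachment contents are tiny stand-ins, not real files.

```python
"""Triage attachments by the name they declare and by what their bytes actually are.

Added example for this article, not code from its author. The sample message is
built in code and its attachments are tiny stand-ins: a Windows executable starts
with the bytes 'MZ', a PDF with '%PDF-', a zip container (zip/docx/xlsx) with 'PK'.
"""
import email
from email import policy
from email.message import EmailMessage

EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "wsf",
            "ps1", "hta", "msi", "dll", "lnk"}
MACRO_EXT = {"docm", "xlsm", "pptm", "dotm", "xltm"}
ARCHIVE_EXT = {"zip", "rar", "7z", "iso", "img"}
MAGIC = [(b"MZ", "windows executable"), (b"%PDF-", "pdf"),
         (b"PK\x03\x04", "zip container"), (b"\xff\xd8\xff", "jpeg"),
         (b"\xd0\xcf\x11\xe0", "legacy office compound file")]


def sniff(data):
    """Identify a file by its leading bytes, ignoring whatever the name claims."""
    for prefix, label in MAGIC:
        if data.startswith(prefix):
            return label
    return "unknown"


def classify(filename, data):
    """Return (verdict, reasons) for one attachment; verdict is block / review / ok."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    findings = []  # (level, reason)
    if ext in EXEC_EXT:
        findings.append(("block", f".{ext} runs code when opened"))
        if len(parts) > 2:
            # Windows hides known extensions by default, so the user sees only the inner name.
            findings.append(("block", f"double extension; displayed as {'.'.join(parts[:-1])!r}"))
    if kind == "windows executable" and ext not in EXEC_EXT:
        findings.append(("block", f"bytes are a Windows executable despite the .{ext} name"))
    elif ext == "pdf" and kind != "pdf":
        findings.append(("review", f"declared pdf but content sniffs as {kind}"))
    if ext in MACRO_EXT:
        findings.append(("review", "macro-enabled Office document; macros can run code"))
    if ext in ARCHIVE_EXT:
        findings.append(("review", "archive or disk image; contents not inspected here"))
    levels = {level for level, _ in findings}
    verdict = "block" if "block" in levels else ("review" if "review" in levels else "ok")
    return verdict, [why for _, why in findings]


def build_sample_message():
    """Constructed phish with four attachments of varying honesty."""
    m = EmailMessage()
    m["From"] = "billing@example-courier.com"
    m["To"] = "you@corp.example"
    m["Subject"] = "Invoice: 97303 Confirm Shipment"
    m.set_content("Please review the attached invoice and confirm shipment.")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 12
    m.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                     filename="Invoice_97303.pdf.exe")
    m.add_attachment(b"%PDF-1.4\n%stub", maintype="application", subtype="pdf",
                     filename="Invoice_97303.pdf")
    m.add_attachment(fake_exe, maintype="application", subtype="pdf",
                     filename="tracking.pdf")
    m.add_attachment(b"PK\x03\x04stub", maintype="application",
                     subtype="vnd.ms-excel.sheet.macroEnabled.12", filename="orders.xlsm")
    return m.as_bytes()


def triage_attachments(raw_bytes):
    """Map each attachment filename to its (verdict, reasons)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename(), part.get_content())
            for part in msg.iter_attachments()}


if __name__ == "__main__":
    for name, (verdict, reasons) in triage_attachments(build_sample_message()).items():
        print(f"{verdict:6} {name}" + "".join(f"\n        {r}" for r in reasons))
```

Only the genuine PDF comes back “ok”. The double-extension file and the executable masquerading as tracking.pdf are blocked outright; the macro-enabled spreadsheet is marked for review rather than blocked, which mirrors the article’s advice: not every attachment is harmful, but the ones that can run code deserve a human decision before anyone opens them.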

5. Do unsubscribe when you can

Another way spammers obtain your email address is through subscriptions you did want, such as a newsletter; many companies then sell their address lists.

As a result, you get stuck with spam and junk mail you don’t want. Limit the places where you sign up for something using your company email address. Even better, keep a separate personal account (Gmail or similar) for subscriptions and personal email. One caveat: only unsubscribe from senders you remember signing up with. Clicking “unsubscribe” in a phishing or spam message confirms to the sender that your address is live, and the link may lead somewhere worse.

6. Don’t fill out forms you aren’t sure of

Be suspicious of forms in which the sender asks you to fill in important information such as bank account details or social security numbers. Most organizations, such as banks, stores, and insurance companies, will not contact you out of the blue to verify sensitive information, and many say so explicitly in their fine print or advertising.

Scammers will try to reel you in, but ask yourself “why do I need to provide this information?” Look up the organization’s phone number yourself, from its website or your card or statement, never from the email, and call to ask whether the information is really needed.

7. Do feel free to ignore the email and delete

But the Nigerian prince needs help, and I can fund his cause by transferring some money, and he will repay me tenfold when he has the opportunity…

If you get an odd email and it means nothing to you, delete it. Out of sight, out of mind.

A variation on the wealthy-royalty trick is the scammer who breaks into a friend’s or relative’s email account. If you get a message from someone you know saying they are stranded abroad, their wallet or purse was stolen, and they need you to wire money to get home: don’t. Call them on a number you already have and ask.

8. Don’t forget you have a junk folder

If you get a strange or nasty email, remember that in most mail clients you can right-click the message and mark it as junk. That flags the sender’s address or domain in your mailbox so future messages from it skip your Inbox and land in the Junk folder, which you can empty later. It only helps against that one sender, and phishers change addresses constantly, so treat it as a convenience rather than a defense.

It happens all too quickly and frequently. Innocent people fall victim to phishing scams, especially in a workplace environment. Even with fully updated antivirus software and strict spam filters configured on your mail system, end users are a very real line of defense.

Be prepared and guard your sensitive information. Using your best judgment is extremely valuable when you come across emails, attachments, forms, or links.

Scammers may be out phishing, but there is no need to let them catch you.
