Phishing emails are not a new concept in 2021. We’ve all seen or heard about emails that appear to be sent from someone senior in the company, asking if you are free to help them wire thousands of dollars to an offshore account, or to buy iTunes gift cards for a potential client. They then discover that the email’s name or address had been spoofed. And the email was actually sent by a malicious impersonator.
However, these attacks are becoming more successful today, by targeting time-poor workers. Typically, they are in a SMB-sized business, wearing multiple hats and juggling multiple tasks. Maybe they’re struggling with working from home. Or they’re switching over into holiday mode early.
Most workers just scan an email to understand the key points and actions to take. They don’t read a full email carefully, or check the email address it was sent from. Problems are also exacerbated, when reading emails on a phone or tablet. These do not provide the full email address or details of the sender.
As the silly season gets underway and we all become time-poor, here are six key tips to remind your clients:
1.) Do not respond to any email asking for personal or financial information. Do not click on any links provided in such a message (the importance of this cannot be overstated). When working on a device with a mouse, you can hover over a link to see the URL you are going to. Don’t click it, if it does not look like the address of the company you’re heading to.
2.) Get in the habit of never sending sensitive data (i.e. credit card numbers) via email.
3.) Be careful when opening attachments or downloading files attached to emails, even if they appear to be from a friend (spoofing can hide the true source).
4.) If you are visiting a banking website or accessing other sensitive information, look for the lock icon and “https” in front of the web address – it indicates a secure site.
5.) Be suspicious of unusually long, and random-looking web addresses.
6.) Unsure if an email is from a legitimate business? Call the business yourself, instead of replying to the message.
For an extra layer of protection against phishing emails, deploy an advanced email filtering service such as MPmail Avanan. Avanan uses unique AI, and machine learning technologies to protect against phishing attacks – while integrating with Microsoft365 in the cloud.