With phishing and email-related attacks still among the top methods cybercriminals use to gain access to their target’s system, Check Point has put together a six-point plan to help spot and defeat these attacks.
1. Look at the Sender
Because most phishermen are not people you know, it is important to take a close look at who sent you the email. Before opening any email, you should check to see that you know the individual sender. It should be someone with whom you communicate regularly. An email out of the blue from someone you haven’t heard from in 15 years on an unrecognizable topic is cause for caution.
Now, take a closer look at the sender’s email address. Do you notice anything strange? Perhaps a zero “0” was substituted for the letter “O”, or there is a punctuation mark in the middle of the email address that shouldn’t be there, or the letters may be out of order or have an extra letter somewhere in the address. It may look similar to a real email address, but not quite right. These warnings all indicate that the sender may not be the person you think it is and should cause you to exercise vigilance.
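The address checks described above (a zero in place of an "O", stray punctuation, letters out of order, an extra letter) can also be run automatically against a list of contacts you already correspond with. The Python below is an added example, not Check Point's code; the contact list, the digit-to-letter map and every address in it are constructed assumptions.

```python
# Added example: flags sender addresses that imitate a known contact.
# KNOWN_SENDERS and every address here are constructed sample data.
KNOWN_SENDERS = {"john.olson@example.com", "billing@example.com"}

# Digits commonly swapped in for look-alike letters (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(address: str) -> str:
    """Lower-case, map look-alike digits to letters, drop local-part punctuation."""
    local, _, domain = address.lower().rpartition("@")
    local = "".join(ch for ch in local.translate(LOOKALIKES) if ch.isalnum())
    return local + "@" + domain.translate(LOOKALIKES)


def edit_distance(a: str, b: str) -> int:
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two neighbouring letters out of order count as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_sender(address: str, known=KNOWN_SENDERS) -> str:
    """Return 'known', 'unknown', or 'lookalike of <contact>'."""
    address = address.strip().lower()
    if address in known:
        return "known"
    for contact in sorted(known):
        # Same skeleton, or one edit away, yet not an exact match: imitation.
        if edit_distance(skeleton(address), skeleton(contact)) <= 1:
            return "lookalike of " + contact
    return "unknown"
```

An "unknown" result is not a clean bill of health: it only means the address does not resemble anyone on the list, so the remaining checks in this plan still apply.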
2. Examine the Addressee List
Next, take a look at how many people received the email. Do you know those individuals? If not, it may be best to avoid opening the email. Be aware that a phishing scam may target a large number of people in your organization. If you receive an email with an unusually large number of your coworkers as recipients, and those individuals do not interact regularly or have an apparent connection, it should raise a red flag.
3. Suspect the Subject
Work communications should be related to your job function, so be sure to scrutinize the subject line. Check to be sure that the subject is one that you would anticipate receiving in the first place. Does it make sense that you are the person getting the email in question? Is the email a reply to an email that you didn’t even send? If so, don’t open it. It is likely malware or spam at the very least. Also, take a look to see if the subject matches the contents of the message. Misalignment is grounds for suspicion.
4. Scrutinize the Timing
What time of day was the email sent? Was it at a time that you would expect someone to be sending you a business email? While many of us work with counterparts all over the globe, it is still possible to detect emails that are sent outside of the norm and avoid opening them.
5. Avoid Strange Attachments and Hyperlinks
We’ve all been told, what seems like a million times over, that we shouldn’t open strange attachments in emails or click links in emails from people we don’t know. And yet, we still do it. You can reduce the likelihood that you are opening or clicking malicious content by examining a few things. First – did you expect an attachment, and is it a common file type that you would expect to receive as part of your job? If not, don’t open it! Does the file have a weird name, or are there unusual symbols in the filename? If so, that is another sign to leave the file unopened and the link unclicked.
6. Beware of Unsettling Content
An email containing unsettling, startling, or urgent content that requires immediate action on your part is often a sign of a phishing attack. We have all seen the phishing emails claiming that your bank account was hacked and you need to log in right away. Don’t fall for it. If you think it may be true, rather than clicking a link in the email, call your bank, or log into your account from their website. Whatever you do, do not use links, web addresses, or phone numbers within the email. Those may be illegitimate. Be wary and extremely cautious of these types of emails, as they may be phishing scams.