
This may come as a surprise to you, but a recent study by Code42 found that over three-quarters (78%) of CSOs and 65% of CEOs admit to clicking on a link they should not have. Doing so opens them up to the dangers of phishing.

Phishing risks are something we talk about, and they are discussed extensively online as well as within the enterprise. This latest study makes it obvious that even IT security leaders (not just executives or employees) need to keep in mind some steps that can help spot phishing before it’s too late.

Let’s take a look at three things you can look for when getting an email that you’re not sure of and that could be a phishing attempt.

Check the URL

Usually in a phishing email the URL will seem valid; that’s where they get you. To check its validity, hover over the URL with your mouse (without clicking, just hover over it) and see whether the actual hyperlinked address matches the address displayed. If it’s different, it is most likely a fraudulent or malicious email.

Also, double-check the last part of the domain name. For example, info.ncxgroup.com would be a child domain of ncxgroup.com because ncxgroup.com appears at the end of the full domain name (on the right side). If, on the other hand, you see ncxgroup.comotherdomain.com, then that domain would not have originated from ncxgroup.com because the reference is on the left side of the domain name. This is a very common trick that phishing artists use to convince you that the message came from the actual company.

Spelling and Grammar Errors

Whether it’s a known company (like Microsoft or Apple) or a lesser-known one, spelling and grammar also hint at the possibility of an email being a phishing attempt. Poor grammar and spelling mistakes are a huge indicator that the email was sent by a malicious actor.

For one, big companies have spelling and grammar checks, so they wouldn’t be sending emails with those types of errors. Smaller and/or lesser-known companies will still most likely put their best foot forward and ensure they don’t send emails with poor spelling and/or grammar. Also, we’ve all heard of Grammarly, the online grammar checker that anyone can use to double-check grammar and spelling, so there’s that too.

The Message Asks for Personal Information

It’s always a bad sign if an email asks for personal information because, between banks and the online platforms you use, that information is something they already have stored within your account. Also, a bank or online account wouldn’t ask for such information from you through email. At most, they would send you a notice to get in touch with them. And even if, let’s say, the email was only asking you to fix your personal information, it could still be a phishing attempt.

This is why, for any email you get that asks for personal information, it’s always best that you DO NOT click on any links; instead, go to the site directly and log in from there, or call the company to check with them directly.


These three tips can get you ahead of the phishing risks your company faces and, as they reveal, get you to pay attention to the small things that typically go unnoticed or overlooked. Overlooking them is exactly what malicious actors expect from you and why phishing attempts are so successful: they trick even IT security leaders and executives into falling for the bait.

It’s like webcam security: not many think of it because they don’t think of their webcam as a way in for hackers. Yet it is one such way cybercriminals can get inside a network, as are many other minute things that are used to conduct business in this digital era (computers, your printer and mobile devices, the apps you use, the social networks you check while at work, the operational software you use, automation tools, your internet connection, servers, and so on).

No matter where you are with cybersecurity, there’s always something more to keep in mind to ensure you have eyes on all the potential cyber risks your business will be up against.  This is why a holistic cybersecurity posture is something we always highlight as fundamental, and why cybersecurity awareness training is so important. It makes you effective and provides you with long-term results. 

If you’re ready to start planning for cybersecurity with a holistic posture in mind, whether for now, the following year, or the long term, or you simply have some questions about it, give us a call.


Also, if you need cybersecurity training, take a look at our MyCSO Cybersecurity training solution.  The blog post tells you all you need to know about it and the offerings available for small businesses.


Photo courtesy of Sergey Nivens