Recently, we’ve been on the receiving end of several phishing attacks. Thanks to the vigilance of our Ducks, none have yet succeeded. But it’s been a welcome reminder of the danger of phishing, and a good test of the process and security we have in place to defend ourselves. The attempts have included: Emails that look like collaborative documents shared by colleagues. Emails that are apparently from me, asking team members to purchase gift vouchers on my behalf. Emails that are apparently from me, asking for people’s mobile numbers. Some of them are pretty creative and they can also be quite convincing. Until you look more closely: A spoof email from Danny 🥲 This email wasn’t from me and I don’t call him Rick Another fake email from Danny This wasn’t from me and it doesn’t sound like me either. With phishing attacks, the first line of defense for many businesses, including Cyber-Duck, is some form of email security software. In many cases, good software, properly configured, will block and trap phishing attacks before they get to your mailbox. That’s certainly the case here at . But the system is not infallible, and in many cases, it may only give you an 80% success rate. Cyber-Duck This inevitably means that some phishing attacks will still get through and will land in people’s mailboxes. And… another fake email from Danny We train our team to check the ‘From’ field and to be careful clicking on links. This is why employee training is a vital component of any businesses' defense. Ideally, training is given through a layered approach as part of the induction and competency plan. Then, it should be reinforced via company-wide refreshers and regular reminders in weekly meetings. Phishing emails aren’t that . Here are four red flags to look out for: hard to spot Frequently the actual sender’s address will be inaccurate. An email purporting to be from me may well use my name, but the email address will usually be some random Gmail/Yahoo or other made-up address. This is a significant indicator that we’re encouraging people to check. The language used in phishing emails will be out of character too, for example calling a staff member by a different nickname or using a new tone of voice. The request may be unusual. Asking for money to be transferred to an account, or for you to hand over a personal mobile number or other information with no real explanation of why. Finally, it may request you to click a link or log in to a webpage — something you should never do as a result of an email. This time its a spoofed phishing email from our HR team Never log in to a webpage or service by clicking on an email — unless you’ve checked it’s legit. One of the most important things we’re training our Ducks to do is ‘stop and check’. If they are at all unsure, get back in touch with the sender by starting a new email (don’t hit reply!), or phone them to ask. This check will quickly reveal if the email is a scam and could save the business from financial loss and embarrassment. While security software offers some protection, there is no substitute for well-trained, vigilant staff — they’re a critical line of defense. Also published on https://danny-bluestone.medium.com/phishing-attacks-watch-out-for-these-four-red-flags-e0a6634be976

Different

UX Digital Transformation agency that specialise in Drupal and Laravel

4 Ways To Identify a Phishing Attack

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

108 Stories To Learn About Cybersecurity Tips

10 Cybersecurity Tips Everyone Should Follow

10 Best Practices for Securing Your API

122 Stories To Learn About Cybercrime

3 Cybersecurity Terms Non-Techies Can Use to Impress a Techy Date

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

108 Stories To Learn About Cybersecurity Tips

10 Cybersecurity Tips Everyone Should Follow

10 Best Practices for Securing Your API

122 Stories To Learn About Cybercrime

3 Cybersecurity Terms Non-Techies Can Use to Impress a Techy Date

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps