When it comes to phishing attacks, bait often comes in the form of a compelling email. Therefore, anti-phishing awareness is vital, both at home and at the office. Why? According to the , phishing is by far the most preferred form of attack by cybercriminals. In that year alone, 6.95 million completely new scam and phishing pages were generated online. FBI The biggest targets were the technology, finance, and retail sector, and the most common email service used was Gmail. This all coincides with the move to remote work, with around the world experiencing an increase in phishing attacks. So, it's easy to see why it is the primary security concern for as many as 90% of IT professionals. 81% of organizations And the ? Humans. weakest link 6 Signs of an Office Phishing Attack Help your team adapt the anti-phishing mindset and keep a lookout for the following traps to avoid a costly attack at the office. 1- The Email Comes from a Non-Business Domain You will probably receive an abundance of emails from other professionals at the office. True professionals will have a domain email. Those with an established business are not likely to use Gmail as their email provider. However, if one does land in your inbox, you should automatically proceed with caution. As previously mentioned, this is the most common service used for phishing emails. However, sophisticated cybercriminals already know this. So, in order to avoid being detected, they will mimic the organization they're posing as. This recently happened to just last year. Hackers engaged in an active phishing campaign, using a combination of "legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters." Microsoft If you're ever in doubt whether a true professional is contacting you, double-check by doing a simple Google search of the company, and you'll be able to find the proper email addresses. 2- You Didn't Initiate the Conversation If you are the recipient of a marketing email to which you never subscribed, there is a high chance you're the target of a phishing email. If that quick Google search didn't come up with any contact emails, you can always follow up over the phone with the sender, just to be sure. 3- The Domain is Off Incorrect spelling and grammar are some of the most common signs that you've received an email. This is especially true with domain names. Phishing emails typically direct you through to a fake domain for the purpose of stealing your sensitive information. To be effective, it's essential that they replicate the organization's web domain they're trying to dupe. Since the domain they're trying to duplicate is already taken, they need to come up with a fake domain, and so subtle changes are made to the URL. Often, very similar characters are used in the spelling to throw the unsuspecting user off. Let's take Google as an example. Instead of you might see something along the lines of: . Upon closer inspection, it's pretty easy to spot, isn't it? https://www.google.com/, https://www.go0gle.com/ How about: ? We've replaced the lower case L with a capital I, and most people wouldn't be able to tell the difference in the search bar. https://www.googIe.com/ See how easy it is to trip up? While it's great to have your eyes and ears open at all times, it takes just one click for businesses to fall prey to a phishing attack. So to ensure maximum safety, it's crucial to invest in reliable anti-phishing software. Preferably something that extends beyond email, protecting your cloud applications as well. 4- The Attachments Look Strange Scammers love to send through malicious attachments in emails, so if you see file formats such as .EXE or .SCR, you should think twice and double-check the source prior to opening. As more people catch on to their fraudulent ways, cybercriminals have evolved their techniques and loaded PDF files with malware. 5- The Email is from a Co-Worker You Know We've all been warned about receiving emails from unknown senders. Still, there is also the possibility of your friends, family members, and co-workers getting their emails hacked and sending out phishing emails to their email list. So, how can you know? If the email you receive from a known person contains a different tone than usual, contains random links, file extensions, a blurred-out document with a link to view it, or urgency to take a certain action, be sure to call them and make sure they haven't been hacked. 6- Your CEO is Making Strange Requests Some cybercriminals have made the shift from sending mass emails out to targeting particular employees by posing as company CEOs. Otherwise, , these emails are carefully curated, asking the recipient to carry out specific tasks. known as spear phishing These emails are sent in the hope that employees don't question the odd requests because it's coming from someone in management or even the CEO, but that is precisely what you need to do. If you're asked to pay an invoice or send over personal information, contact the person in question to ensure the email is legit. Nail Your Anti-Phishing Strategy in the Office Staying ahead of tech-savvy cybercriminals is no easy task, especially if you're not an IT expert. However, making sure that both you and your co-workers are informed and know the key indicators of these attacks is a great start to an efficient anti-phishing strategy. But it takes just one slip-up from one employee for a business to potentially crumble. That's why it is imperative to invest in effective anti-phishing software.

Google

Microsoft

Target

Cybersecurity Trends in 2022 and What They Mean for Enterprises

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

6 Signs of an Office Phishing Attack

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

5 Ways Startups Can Grow Content to Rank Quicker

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

108 Stories To Learn About Cybersecurity Tips

10 Cybersecurity Tips Everyone Should Follow

10 Best Practices for Securing Your API

5 Ways Startups Can Grow Content to Rank Quicker

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

108 Stories To Learn About Cybersecurity Tips

10 Cybersecurity Tips Everyone Should Follow

10 Best Practices for Securing Your API

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps