A large majority of organizations are still using a “work from home” model because of the current pandemic. In the last six months, much of daily life, from school to work and everything in between, has shifted to the virtual world, so it is extremely important that we stay vigilant about our online safety. The shift happened almost overnight and opened the floodgates for cyber criminals, and one of the most common attacks is phishing through email. Phishing is a type of online scam in which criminals send an email that appears to come from a legitimate company or individual and asks you to provide sensitive information. Attackers use it to steal user data such as login credentials and credit card numbers, often by directing the recipient to a fake website that matches the look and feel of the legitimate one. It works because the attacker, pretending to be a trustworthy person or entity, tricks the victim into acting on an email, instant message, or text message.
Below is a great example of a phishing email that was sent to a WA Group employee. While referencing the screenshot below, here are some steps for identifying phishing emails, which in turn will help prevent you and your organization from falling victim to this crime.
• Look for unnecessary symbols or numbers in the subject line of the email (like the “}” after the word “Password” below).
• Make sure the organization in the sender’s actual email address matches who the sender claims to be. The display name is free text and can say anything, so look at the address itself. The email below is supposed to be from Microsoft, but the sender’s address references “kalittaair”.
• Phishing emails are typically sent with “high importance” or create a sense of urgency. The email below tells the recipient their password is going to expire today.
• Look for stray words or symbols in the body of the email (in this example, <=””head=””>, which looks like broken HTML markup left behind by a carelessly built message).
• The example below greets the recipient by email address rather than by name, and the address it uses is an outdated one.
• Look for incomplete sentences, grammatical errors, spelling errors, etc. in the email.
• Hover over any link before clicking it to see where it really goes (on a phone, a long press shows the same thing). In the example below, hovering over the link shows it points to a “cottoninloveshop.com” web address, not Microsoft.
• This email offers the recipient the option to keep their current password. That is a huge clue: a real expiry notice sends you to the service’s own sign-in page, and no legitimate provider lets you “keep the same password” by clicking a link in an email. Note that current guidance (for example NIST SP 800-63B) no longer recommends forcing people to change passwords on a schedule; what matters is using a unique password for each account and changing one promptly when you suspect it has been exposed.
• The bottom of the message states which address the email was sent to. The recipient already knows that; this kind of trailer is typical of a bulk mailing sent to a harvested address list.
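The indicators above can also be checked mechanically. The script below is an added example written for this page, not WA Group tooling and not the actual contents of the email shown; it parses a constructed sample message modeled on the indicators described (with made-up .example domains standing in for the real ones) and reports each indicator it finds, alongside a benign constructed message that should produce no findings. The brand list, urgency words and the two-label domain comparison are assumptions chosen for illustration.

```python
"""Heuristic phishing triage over a raw email, following the indicators
in the article above.  Added illustration, not WA Group code; the sample
messages and the domains in them are constructed (.example TLD)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modeled on the article's indicators (not the real email).
SAMPLE_EMAIL = """\
From: Microsoft Account Team <no-reply@kalittaair.example>
To: jdoe@wagroup.example
Subject: Password} expires today
X-Priority: 1
Content-Type: text/html; charset="utf-8"

<html><head></head><body>
<p>Dear jdoe@wagroup.example,</p>
<p><=""head="">Your password will expire today. Take action immediately or
your account will be suspended. You can keep your same password.</p>
<p><a href="http://cottoninloveshop.example/auth/microsoft">Keep my password</a></p>
<p>This message was sent to jdoe@wagroup.example</p>
</body></html>
"""

# Constructed benign message for comparison.
BENIGN_EMAIL = """\
From: IT Helpdesk <helpdesk@wagroup.example>
To: jdoe@wagroup.example
Subject: Reminder: security awareness training on Friday
Content-Type: text/plain; charset="utf-8"

Hi Jane,

The quarterly security awareness session is on Friday at 10:00 in room 2B.
Slides are on the intranet: https://intranet.wagroup.example/training
Thanks, Helpdesk
"""

BRANDS = ("microsoft", "office", "outlook")   # assumed list of brands a lure may impersonate
URGENCY = ("expire", "immediately", "today", "suspend", "urgent")  # assumed urgency vocabulary


class TextAndLinks(HTMLParser):
    """Collects visible text and (href, anchor text) pairs from a message body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._anchor = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def base_domain(host):
    """Last two labels of a hostname; a production tool should use the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw):
    """Return the list of phishing indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    subject = str(msg["Subject"] or "")
    if re.search(r"[{}\[\]<>|~^]", subject):                  # stray symbols in the subject
        findings.append("stray symbol in subject")

    sender = msg["From"].addresses[0]                         # display name vs real address
    sender_dom = base_domain(sender.domain)
    claimed = [b for b in BRANDS if b in sender.display_name.lower()]
    if claimed and not any(b in sender_dom for b in claimed):
        findings.append(f"display name claims {claimed[0]} but sender domain is {sender_dom}")

    if str(msg["X-Priority"] or "").startswith("1") or str(msg["Importance"] or "").lower() == "high":
        findings.append("flagged high importance")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    if re.search(r'<=""|=""\w', html):                        # leftover/broken markup in the body
        findings.append("malformed HTML debris in body")

    parser = TextAndLinks()
    parser.feed(html)
    lowered = " ".join(parser.text).lower()

    if re.search(r"\b(dear|hello|hi)\s+[^\s,@]+@[^\s,]+", lowered):
        findings.append("greeting uses the recipient's email address instead of a name")
    hits = [w for w in URGENCY if w in lowered]
    if len(hits) >= 2:
        findings.append("urgency language: " + ", ".join(hits))
    if re.search(r"keep (your|my) (same )?password", lowered):
        findings.append("offers to keep the current password")
    recipient = msg["To"].addresses[0].addr_spec.lower()
    if re.search(r"sent to\s+" + re.escape(recipient), lowered):
        findings.append("body states which address it was sent to (mail-merge trailer)")

    for href, anchor in parser.links:                        # where the link really goes
        link_dom = base_domain(urlparse(href).hostname or "")
        if link_dom != sender_dom and not any(b in link_dom for b in BRANDS):
            findings.append(f"link '{anchor}' goes to {link_dom}, not {sender_dom} or a brand domain")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

Each check maps to one bullet above; the script is a triage aid for a help desk or mail gateway, not a verdict. A message with none of these traits can still be phishing, and the sender address check only catches lookalike domains, since the From header itself can be forged when the receiving domain does not enforce SPF, DKIM and DMARC.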
It is unrealistic to expect people never to open emails, so simply telling employees “don’t open an email if it looks suspicious” is not great advice. Training employees to look for the signs of phishing before clicking links, downloading attachments, or replying with sensitive information is what matters. Report any suspected phishing email to your IT department, follow their instructions, and if you entered your credentials on the linked page, change that password immediately (and anywhere else you reused it).