Over 90% of all network breaches are caused by, or include, a phishing attack.
What can you do to protect your organization?
We recommend that you start with technical measures like our email security suite, but that’s not the only step you should take. No system is 100% effective and your employees can also put your network at risk from their personal email. Therefore, your employees need training to understand what to look for to avoid phishing emails.
You, and everyone in your department, probably already know how to spot a phishing email. But how do you explain it to your users so that they get it? We’re here to help.
Customizable Phishing Awareness Training Handouts Make Life a Little Easier
Want an employee-training handout customized with your company logo and whatever specific actions you’d like for employees to take upon encountering a suspected phishing attack? Contact us and we would be happy to provide you with a free phishing awareness handout for your employees.
The 8 Things Your Employees Need to Understand About Phishing
1. What is Phishing?
Phishing is a type of fraud in which a hacker attempts to gather personal information by impersonating a legitimate source or by sending users to a malicious web site. Hackers try to obtain any information that could help them pose as someone else, usually to steal money or intellectual property. This is done either through the surreptitious installation of malware, impersonating a legitimate site and stealing login credentials, or simply via a conversation.
2. The sender of that email may not be legitimate
Your employees should never trust an email based simply on the purported source. Cyber criminals have many methods to disguise emails. They understand how to trick their victims into thinking a sender is legitimate, when the emails are really coming from a malicious source.
3. Enticing or aggressive subject lines are used to lure people in.
Cyber criminals will do whatever it takes to get people to open their emails. They often use enticing or threatening language in subject lines that urges immediate action. They may promise “free iPhones to the first 100 respondents,” or threaten that “your credit card will be suspended without immediate action.” Evoking a sense of panic, urgency, or curiosity is a commonly used tactic.
4. Impersonal greetings should be a red flag.
Since phishing emails are often sent to many people at once, they usually lack personal greetings. They often use generic terms like “customer,” “employee,” or “patient.” Your employees should be cautious of these terms especially if the email is asking for personal information.
5. It is important to notice grammatical and stylistic errors.
Employees need to read their emails carefully, not just skim them. Many phishing attacks come from other countries, so these emails are often written by non-native English speakers. This results in a plethora of grammar and stylistic issues. If an email from a supposedly reputable company has spelling and grammar issues, it is probably a scam.
6. It is important to check the link destination.
Make sure your employees hover over all links before clicking them. The pop-up bubble (or the status bar) will display the link’s real destination. If it is not the website expected, it is probably a phishing attack. It is most important to make sure that the core of the URL is correct: the domain immediately before the first slash, not a familiar name that merely appears somewhere in the address. Be especially cautious of known websites suddenly ending in alternative domain names instead of .com or .org.
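As an added example (not part of the original post, and not Vade Secure's tooling), the following Python check applies the item above mechanically: it compares the address an email link displays with where the link really goes, and flags a trusted brand name whose core domain is not the trusted one. The trusted-domain list and the sample links are constructed for the example.

```python
from urllib.parse import urlparse

# Constructed for this example: domains a hypothetical organisation treats as trusted.
TRUSTED_DOMAINS = {"example-bank.com", "example.org"}


def registered_domain(host):
    """Last two labels of a hostname, e.g. 'login.example-bank.com' -> 'example-bank.com'.
    Simplification: production code should consult the Public Suffix List (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def looks_like_url(text):
    """True when the visible anchor text itself reads as an address (has a dot, no spaces)."""
    text = text.strip()
    return "." in text and " " not in text


def check_link(display_text, href, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link is suspicious; an empty list means no red flag was found."""
    reasons = []
    parsed = urlparse(href.strip())
    host = parsed.hostname or ""
    if parsed.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parsed.scheme!r}")
    core = registered_domain(host) if host else ""
    # Red flag 1: the visible text shows one address but the real destination is another.
    if looks_like_url(display_text):
        shown_url = display_text if "://" in display_text else "http://" + display_text.strip()
        shown_host = urlparse(shown_url).hostname or ""
        if shown_host and registered_domain(shown_host) != core:
            reasons.append(f"text shows {shown_host} but link goes to {host}")
    # Red flag 2: a trusted brand name appears in the hostname, but the core domain is not
    # the trusted one (brand used as a subdomain of another site, or an alternative TLD).
    for domain in sorted(trusted):
        brand = domain.split(".")[0]
        if brand in host and core not in trusted:
            reasons.append(f"'{brand}' appears in {host} but the core domain is {core}")
            break
    return reasons


if __name__ == "__main__":
    # Constructed sample: the text says example-bank.com, the link goes elsewhere.
    print(check_link("https://example-bank.com/login", "https://example-bank.com.evil.example/login"))
```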
7. Emails demanding “immediate action” are probably scams.
Emails that have an aggressive tone or claim that immediate action must be taken should be considered a potential scam. This technique is often used to scare people into giving up confidential information.
8. You can’t rely on images or logos.
Images can be downloaded or easily replicated. Brand logos and trademarks are no guarantee that an email is real. Even anti-virus badges can be inserted into emails to persuade victims into thinking there is no real threat. None of these add any actual legitimacy to an email.
Ensuring your employees understand the signs of phishing is an important defense against an attack in addition to technical measures.
An employee spotted a phishing email, now what?
Make sure there is a system in place to report attacks and make sure all of your employees understand how important it is to follow through in reporting it. They may think that just deleting the offending email is perfectly fine, but IT needs to know if your company is being targeted. Always make sure that your internal IT department is contacted as soon as possible after an employee spots a phishing email, so that IT can take appropriate action.
Vade Secure sponsors IsItPhishing.org, a website where you paste a link and it checks whether the destination is a legitimate page or a phishing site. If you or your employees are in doubt about the legitimacy of a website, IsItPhishing can tell you.
Don’t Let Your Company Fall Victim
Dealing with the repercussions of a phishing attack is not only time consuming, but costly. One careless click has the potential to compromise your entire network so it is important that everyone works as a team to protect the company. Be sure to provide phishing awareness training to your employees.
Looking for free phishing awareness training?
Want a customized phishing awareness handout for your company? Contact us and we would be happy to create it for you.