Tip of the Week: Every Employee Should Know How to Spot an Email Phishing Scam

We’ve all heard of phishing scams: an email appears in our inbox, apparently from a Nigerian prince who needs a cash advance  to free up their own finances, and is willing to reward you with riches galore. However, this is just one (famous) example of a phishing scam. In order to protect your business, you need to be ready for all phishing scams, whatever they look like.

Despite the relatively simple approach they take, phishing emails are credited with causing many of the larger breaches that have occurred recently, and have successfully scammed people for years. In essence, a phishing scam convinces the target to click a link that either downloads malware onto their device or takes them to a fraudulent page that steals their personal information. While many phishing attempts are about as convincing as the fictional Nigerian prince story is, many are much harder to spot.

This is why you should always review your email with a critical eye, even when all seems to be fine. Do you know the person who just emailed you? Did you expect an email from that person? Are there attachments and links in the message? While these factors might mean nothing, it’s best practice to review them.

You should also be critical of the tone the message is written in. Despite the urge to comply that many people are raised with, an urgent message that demands swift action shouldn’t be accepted at face value without some more digging.

Your criticism shouldn’t stop there, either. Even if you know the sender, don’t assume that they were actually the one to send it. If the content of the email doesn’t match how you know that person speaks, be extra cautious, especially so if the message includes some request of you. When in doubt, don’t hesitate to contact the supposed sender through other means as possible and confirm that they did send the message. A quick phone call could save you a lot of hassle.

Finally, you need to prepare for the worst: falling for a scam. Nobody’s perfect, and the more people who are in your organization, the more likely it becomes that someone takes the bait. However, using tools like two-factor authentication and maintaining a backup can help you minimize the risks of this occurring, and help you mitigate damage if it does.

For more cybersecurity best practices and other IT topics, make sure to subscribe to the vCTO Secure blog.