3 minute read
Help Employees Avoid Clicking on Malicious Emails
Five Tips to Help Employees Avoid Clicking on Malicious Emails
By John Miller, Senior Consultant, Sophicity
Advertisement
As cybersecurity concerns continue to grow and grow, you will often hear that many data breaches occur because of employees clicking on suspicious emails. It’s obviously frustrating that an organization can implement the strongest firewalls, antivirus software and antispam software and yet still get a crippling virus from a simple email.
While it’s smart to make sure you have as many preventative methods in place that block or warn people about suspicious threats before they even happen, even the best of us can still click on suspicious emails. Here are a few tips that will help employees keep from clicking.
1. Look at the email address of the sender.
Hackers have become good at creating sender names that at first glance seem legitimate, such as “GoogleNotify.” But take a look at the sender’s email address. It’s clearly not from a Google email account. Sophisticated hackers may use a name that looks more legitimate, but email addresses are often an area where most hackers fall short — making it easier to know it’s a fraud.
2. Ask yourself if the email is normal or typical.
Suspicious email attachments usually ask you to do something that you’ve never done before. If you feel immediate suspicion or you immediately wonder why an organization would send you this email, then that feeling is a red flag. For example, if the email says your bank suspended your account and you need to download a zip file attachment to restore it, ask yourself if that sounds right. If you’re in doubt, go to the organization’s website or call the organization to ask if the email is legitimate.
3. Is the email asking you to click a strange link or an attachment?
If the email seems unusually desperate to get you to click on a link or an attachment, that’s a red flag. Especially be careful about attachments. Any legitimate organization does not typically conduct business through having
customers download zip files as a part of a transaction. And while many legitimate emails provide links, you need to assess your trust and past interactions with the organization sending the email. If it’s an email newsletter from a trusted organization with clear identifying information, you’re probably fine. But if the sender is asking you to do something odd such as accessing your email messages through a link (when you normally just go to your email account), then be extremely wary.
4. Is the email crystal clear?
If it is a vague communication — such as “Undeliverable messages. Get more information.” — be wary. Any professional organization would provide more information and context about a particular issue. A professional email provides a full description of what the organization asks of you and will provide contact information to not only handle any of your questions but also in case you want to verify that the email is not a scam if you have doubts.
5. Are you asked for sensitive information?
This is where the rubber meets the road for data breaches. Once you give out sensitive information like a password or Social Security number, your organization may be exploited. This is an area where your employees absolutely must err on the side of caution. No matter who asks for sensitive information, always confirm that request with someone in authority. When in doubt, confirm.
If a theme emerges with these questions, it’s that employees need a certain “street smart” mentality applied to email. And sometimes emails skirt the line. Recently, Facebook sent one of our employees a legitimate message that looked like a phishing attempt. That employee instead went to Facebook directly to handle the problem instead of clicking through any link in the email — just to be sure. In another instance, a similar looking email supposedly from Apple turned out to be a phishing attempt. Erring on the side of caution should be your employees’ rule of thumb, and it’s something to constantly communicate to them to help avoid viruses and data breaches.
Concerned about data breaches through email? Contact Sophicity to talk in more detail about this problem at 770670-6940, or check out sophicity.com. Sophicity is a KLC Cornerstone Partner and provider of “IT in a Box.”
Article reprinted from Kentucky City magazine, November/December 2015.
