Cyber Security Awareness Month
Fight the Phish
Cyber security is a journey, not a destination. It requires constant vigilance because the threat landscape is always evolving. While technical elements of cyber security are important, the human element remains one of the biggest weaknesses in cyber security. One of the most formidable threats that takes advantage of this weakness is phishing.
Phishing is the process of impersonating known individuals or legitimate organizations to fraudulently solicit your personal or sensitive information. This information can then be used by the attacker to access your network and/or deliver malicious software intended to infect your computer or devices. Due to the wide variety of phishing techniques, it can be difficult to spot the signs of a phishing message. After all, attackers are technically skilled at tricking you into giving up information. The best way to fight phishing is through awareness.
As October is Cyber Security Awareness Month, here are 5 tips that will help you identify phishing attacks, along with some practical ways to keep yourself protected:
1. Shield Your Information
Legitimate organizations are unlikely to ask for sensitive data via emails, texts, or links. Be suspicious of emails or texts urging you to provide your credentials.
2. Be Aware of Urgency or Threats
Phishing emails or texts will often have an element of urgency or threats of consequences if immediate actions are not taken. This is just a pressure technique meant to provoke rash actions. Don’t be fooled.
3. Think Before You Click
Cybercriminals will try to make their messages look as legitimate as possible. Just because a message says it’s coming from a person or organization you know does not mean that it should be trusted. To discover the true sender, hover your mouse over the sender’s email address and compare the name of the sender with the email address that is revealed. The same can be done for links embedded in the communication. Be suspicious of all unsolicited emails – if it feels unusual, it probably is.
4. Watch Out for Grammar and Spelling Errors
Be aware of general or vague greetings such as “dear customer”, differences in the language being used in the email body, and grammar and spelling errors. These can help you identify a phishing message.
5. Report and Delete
It’s better to be safe than sorry. If something seems out of the ordinary, report the suspected email and delete it from your inbox – no matter the concern. If it turns out to be a legitimate email, then likely no harm will come from reporting it and you haven’t put your organization at risk.
Bonus Tip – Protect Your Organization
Attackers are looking to exploit weak controls to break into your network. Be proactive and conduct regular phishing exercises to validate that your staff can detect and respond correctly to a phishing email. When combined with a strong cyber awareness program, phishing tests will assist with developing ‘cyber aware’ users who are vigilant and who comply with the acceptable use policies in place to protect corporate devices and applications.