Sniff-sniff… ever get an email from your boss or client that just doesn’t smell right? Your instincts are probably smelling something phishy!
Everyone gets phishing emails—emails that try to trick you into clicking a malicious link or downloading a malicious file, usually by looking like they come from someone or a vendor you know and trust. Phishers are also getting uglier and are now using scare-scams made to look like a safety warning from kids’ schools, an Amber alert, etc.
Verizon’s security team estimates that 92% of all malware last year was delivered via phishing emails. One of the most effective ways to keep your organization safe from cyber-jerks is to make sure your employees know what to look for, and that email (sadly) should be looked at cautiously.
The first step in being email-cautious: don’t be so trusting. Every email is a knock at the door. Do what I do when someone knocks on our front door… bark really loudly! Okay, so you can’t do that because your co-workers will look at you funny and stop inviting you to lunch, but you can look at each and every email as if a stranger is trying to get in. A quick look at the email—sender/subject/text—for anything untoward is step one.
Ask yourself this: does the email pass the “sniff-test”? Is this the sort of email that is typical from your co-worker or customer? Does the subject line make sense? Does your boss normally ask you to “check out this link” or “send a wire transfer ASAP?” Does your vendor normally send you invoices in attachments and/or links? Most of today’s world may send invoices via email, but they are usually in the body of the email, not in links or attachments. Are the grammar and spelling in the email professional? Not only do I sniff every email I get, I also sniff every human I see too. Strangers, friends, old people, babies, doesn’t matter to me. Everyone and everything has to pass the sniffer test.
Second, CHECK the SENDER EMAIL ADDRESS. Look for one-letter-off kinds of things. The human brain is wired to see letters in patterns so we can quickly read things. Dogs’ brains are trained to see things like slices of American cheese (okay, that might just be me). Look for slightly-off email addresses before you do anything. Also, never click on a link before you “hover over” it to see where it’s going. If the address looks weird, trust me, you don’t want to visit that site.
Third, and this is really important—don’t ever REPLY to suspected emails; rather, pick up the phone to call and confirm the email is legit. This reminds me of the time I thought I was chasing a black cat with a white stripe down its back and tail… but it turns out black cats don’t have white stripes down their backs. Replying to a phishing email, like chasing a skunk, only gets you into a world of stink.
Fourth, being on the lookout is an everyday behavior and takes practice, so look at getting your team set up with regularly scheduled training that includes an ongoing phish-testing program. It’s always good to find out who in your organization clicks on phishy-like emails and have them re-learn that not all friend-requests are friendly.
Email isn’t going away anytime soon, but it’s important that every email sent to your company is seen like a knock on your front door. Take the time to look at who is knocking and if you should even open the door/email.
As always, if you ever have a question about email security, cybersecurity, or just want the best rated IT firm in Upstate New York to help you sleep better at night, give my guys a call at 518-320-8906 x 101 and talk with Lauren. We’re here to help.