Times have certainly changed for the majority of businesses as a result of the pandemic, and specifically, for the employees who are now working from home. This adjustment has caused industries and individuals alike to adjust their workflows. Job security isn’t the only thing to worry about, though; there’s also information security concerns.
With so many employees now operating within their own homes and relying on their own devices, it is up to the individual to keep cybersecurity threats at bay.
But in order to stop these threats, it’s necessary to understand what they are. One such threat is phishing.
What is phishing?
Phishing is a type of cybercrime that relies largely on email to target its victims. Phone calls and texts can be phishing vehicles as well, but email is the most prominent.
Phishing emails are emails designed to lure individuals in by taking an action, such as clicking on a link within the email or providing some sort of personal information. These emails appear to be legitimate, often mimicking an email address or company that is familiar to the individual.
Basically, the following tactics are commonly used in phishing emails:
- Offers that are too good to be true. This might not appear within the email body only but could be the subject of the email as well.
- Hyperlinks within the text that seem inviting. A good best practice is to hover over any link contained within the body of email to see the URL where the link is pushing.
- Attachments that are unexpected or don’t make sense. If someone is unsure about whether an attachment is legitimate or not, it’s best not to open it at all.
- Urgent emails are a common tactic because they make the individual think their time is limited. Just because something appears urgent in an inbox doesn’t mean this is the case. For example, a generic email saying an account will be suspended if action isn’t taken is fairly common. This might sound threatening at first, but the lack of specificity should let the user know this is a fraudulent attempt.
Take a step back
Before clicking on a link or on the email itself, users should read carefully. Is the sender familiar? Is the attachment expected? Are the URL links within the body of text trusted? These are only some of the warning signs.
There are also tools that can be advantageous, such as email preview. For example, Microsoft has an Application Guard, which is incorporated into the latest versions of Office 365. This feature allows users to open websites with peace of mind, as the process is protected with hardware-level containerization. Essentially, this means when a user clicks through an email link to another website, the action remains contained in a virtual and isolated space called a container.
This technology is not only available for Office 365 programs, though. Gmail users have access to a Preview Pane, which enables them to view the email message without actually opening them. Thunderbird is another email platform that makes use of a Message Pane, which operates in the same way.
In addition to self-administered scrutiny when reviewing emails, these email preview features should always be on and a user should make use of them. After all, a phishing attempt requires a user to take action for the attack to be effective. Therefore, users need to stay vigilant in their email behaviors. But, having some assistance goes a long way in this effort.
Reach out to Total Defense to find out how we can assist.