SecurityHQ: 10 Top Tips to Detect Phishing Scams
September 2020 by SecurityHQ
Everyone is susceptible to a phishing attack. Phishing emails are often well crafted, and it takes a trained eye to tell the genuine from the fake. There are, however, ways to make yourself less of a target. Keep in mind our ten top tips to stay safe online.
1. Name of sender can trick you.
Email addresses and domain names can be easily spoofed. It is, therefore, crucial that you check the domain name for spelling alterations on suspicious emails. Even if they appear to have come from a trusted sender, always double check.
2. Check for typos.
Attackers are often less concerned about being grammatically correct, which means that typos and spelling errors are often evident in their messages. Such errors in an email could be a good indication that the message is not genuine.
3. Do not share sensitive information hastily.
Any email that asks for sensitive information about you or your company is suspicious. For instance, no bank will ever ask for personal information over email. Call your bank directly to ascertain whether an email is genuine.
4. Don’t fall for URGENCY!
Phishing attacks use scare tactics such as urgency and authority to trick victims into taking immediate action. Emails that ask you to share personal information or to make cash transactions are… ‘phishy’. Read the KrebsOnSecurity article here to learn about a specific Apple iPhone attack via a simple text message.
5. Hover but don’t click.
Hover over URLs. If the address that appears on hover (the alt text) does not match the display text, or if it seems strange, DO NOT click on it.
6. Attachments can be dangerous.
Hover over attachments to check for an actual link before you click on or download them. If you are still unsure of the sender, do not click on the link.
7. Is it too good to be true?
If it sounds too good to be true, chances are it is! Phishing attacks use fake rewards to tempt victims to take action. You wouldn’t win a lottery if you never participated.
8. Keep your devices up to date.
Devices, and the applications on them, are more susceptible to attacks when systems are not updated. Read our blog here for a specific example of an Office 365 account compromise. Maintain your antivirus and regularly check for updates.
9. Regularly check your accounts.
Check your accounts regularly to ensure that no changes have been made without your knowledge. Staying on top of your accounts, and knowing what data is held in each, will make spotting a phishing attack easier.
10. When in Doubt, Call out.
If you suspect that the security of your work device or data has been compromised, inform your cyber security team or your manager immediately.