Tips to Recognize and Avoid Phishing
Last week, the world again experienced a wave of Ransomware cyberattacks. This latest round harmed 12,000 computers in 65 countries.
What is becoming clear in the aftermath – and what we can all keep in mind everyday – is that phishing seems to be the primary culprit for infecting individual computers. It’s important to remain vigilant and remind ourselves and our employees of certain safe practices when managing email – at home or at work.
Practicing Safe Email Behavior
Generally, it’s SAFE to:
- Open and read an email.
- Preview an email in the reading pane of Microsoft Outlook.
- Delete or ignore an email.
- Open attachments or click on a link unless you know the message is from a safe source.
- Preview an attachment or link in Outlook – that’s just the same as opening it.
- Reply to or provide information back to the sender.
Identify the Red Flags of Phishing
These are the most common identifiers associated with phishing attempts. You can use these red flags when reviewing emails, especially from outside your home or business:
- Weird or unknown email address. If the email descriptor or the signature in the email says it’s from a company, but the email address looks completely different, it’s likely not a legitimate email.
- Blank or “undisclosed” recipients. Sometimes phishing emails are sent to a lot of people. Other times you see something like “undisclosed recipient list” in the “To:” field. Both of these are potential red flags.
- Lack of personalization. Did the email use a generic salutation such as ‘Dear Customer’ or nothing at all? Your service providers usually know who you are and typically personalize emails with your name or the last few digits of your account number to get you to read the message.
- Bad spelling and grammar. Legitimate businesses go out of their way to proofread their email. If an email has lots of spelling mistakes or improperly worded sentences, it’s likely a phish.
- Urgent request. Messages of an urgent nature, or requesting immediate action, are a common method used to rush people into making mistakes, and is another good indicator of phishing.
- Strange website links. If you hover your mouse over a website link, you will see the actual destination of the website you’re about to visit. If that location differs from the way the link is written in the email, it’s a good indication of a problem.
- Suspicious attachments. If you don’t know the sender, or receive something from a friend that looks suspicious, don’t open the attachment. If it is from someone you know, you can always pick up the phone and give them a quick call to make sure they actually sent the email.
- Requests for sensitive information. Be suspicious of requests for sensitive information, such as user IDs and passwords, financial account numbers, health information or social security numbers.
Remember companies of ANY size — and also individuals — are now victims to cyberattacks. A Cyber Liability and/or ID Theft policy, in addition to Business and Homeowners Insurance, can provide an important layer of protection.
Source: Nationwide Insurance, “Recognize & Avoid Phishing,” accessed June 30, 2017.