As ridiculous as some nefarious emails seem, like a long-lost relative needing to be ransomed from a faraway country or offers to share in their new windfall, 90% of all data breaches still come from phishing. While you may feel confident in not falling for these types of scams, most bad actors are a LOT more sophisticated, and 86% of organizations have had at least one employee click on a phishing link. You can help protect your personal and employer IT networks by looking for these red flags to avoid a data breach.
Phishing is when a bad actor sends out a message or email asking the recipient to provide some type of secure information. A response can be used in a variety of malicious activities, including infiltrating IT networks to deploy ransomware attacks, collecting and selling credentials or data, or other espionage attacks. All it takes is one careless or distracted click on an email to unleash a data attack in your company, so it’s critical you stay vigilant in reviewing email requests and links.
Four red flags to avoid a data breach:
- Unusual requests: Maybe you’re being asked to send a gift card or to text them with financial information. Pay particular attention to those that seem to originate from your organization. Is it a request from your manager or coworker, but with language they wouldn’t normally use? Does the request align with your typical role, duties, and supervisory chain?
- Grammatical or spelling errors: Is punctuation missing? Do you see terms made plural when they should be singular and vice versa?
- Email address domain is wrong: Pay close attention to the email sender address. Is the domain of the email address an exact match to the company’s known domain? (ex: @pearlsolves vs @pearl-solves)
- Urgency: You’ll notice this more in the subject line, with words like “urgent”, “immediate action”, “attention”, or “important”. These are often tied to content like “problem with your order” and come from a retailer or online pay portal. Did you order something within the last 10 minutes? If not, be very wary. Check the domain and check your bank or credit card first.
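The sender-domain and urgency checks above can also be automated in a mail triage script. The following is an added example, not part of the original article; the `pearlsolves.example` allow-list entry, the look-alike character table and all function names are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: constructed allow-list; replace with your organization's real domains.
TRUSTED_DOMAINS = {"pearlsolves.example"}
# Subject-line words the article lists under "Urgency".
URGENCY_TERMS = ("urgent", "immediate action", "attention", "important")
# Assumption: a small, illustrative set of look-alike character swaps.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Reduce a domain to a form in which common look-alike tricks collapse."""
    folded = domain.lower().translate(FOLD).replace("rn", "m")
    return re.sub(r"[-_.]", "", folded)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'trusted', 'lookalike' or 'external' for a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:          # only an exact match is trusted
        return "trusted"
    for good in TRUSTED_DOMAINS:           # near miss of a trusted domain
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            return "lookalike"
    return "external"

def red_flags(from_header, subject):
    """List which of the two machine-checkable red flags a message raises."""
    flags = []
    if classify_sender(from_header) == "lookalike":
        flags.append("lookalike-domain")
    if any(term in subject.lower() for term in URGENCY_TERMS):
        flags.append("urgency")
    return flags
```

A "lookalike" result deserves more suspicion than an ordinary external sender, because the domain was chosen to pass a quick glance.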
Unfortunately, you are putting yourself and your company at risk with every click, especially if you are not sure what to be on the lookout for. Checking these four red flags should go a long way toward data breach prevention, but there are many more attack methods to be aware of. Regular security awareness training is an essential part of your cybersecurity strategy and helps keep you or your staff up to date on attack methods and vigilant in prevention.