How can you avoid taking the bait from phishers?
There is no single golden rule that will completely safeguard you from falling prey to a phishing attack, but you should always keep the following pointers in mind:
- Check the sender’s email address: if the email address doesn’t match the name of the organization it is claiming to come from, then it could be a phishing email.
- Beware of the content of the email: phishers try to trigger emotions such as fear (if you don’t provide the requested data then you will lose access), greed (you can earn money), pity, etc.
- Check the links in the email: phishing emails often contain links to a website that does not match the name of the organization the email is supposedly from.
- Don’t immediately click on attachments: if in doubt, never open attachments in an email.
- Use your common sense.
The quality of phishing emails and the techniques scammers use are improving all the time, so it is increasingly important for all employees to be aware of the risks of phishing and of the dangers of sharing sensitive personal (or corporate) information. But probably one of the best ways to increase overall security awareness is a well-thought-out ‘fake phishing email’ campaign.
As the CIO, online security is my daily concern. However, in a digitalized world, we all have to do our bit to protect our company’s confidential data. So, be prepared and resist the temptation to bite!
Author: Steven Fleurent. You can follow Steven on Twitter or connect with him on LinkedIn.