How to Detect a Phishing E-mail
As it is said that "Their is no match to human stupidity."
We always get excited when we get messages from the most know companies like GOOGLE, AMAZON, MICROSOFT, etc. We don't even think that this may be fraud.
Here are the 10 ways through which you can identify that these messages are genuine or not.
1. Don't trust the display name of whom the email is from:
Just because it says it's coming from a name of a person you know or trust doesn't mean that it truly is. Be sure to look as the email address to confirm the true sender.
2. Beware of urgency:
These emails might try to make it sound as if there is some sort of emergency(e.g., the CFO need a $1M wire transfer, a Nigerian prince is in trouble, or someone only needs $100 so they can claim their million-dollar reward).
3. Look but don't click.
Hover your mouse over the parts of the email without clicking on anything. If the alt text looks strange or doesn't match what the link description says, don't click on it - report it.
4. Check the email signature.
Most legitimate senders will include a full signature block at the bottom of their emails.
5. Check for spelling errors.
Attackers are often less concerned about spelling or being grammatically correct then a normal sender would be.
6. Be careful with attachments.
Attackers like to trick you with a really juicy attachment. It might have a really long name. It might be a fake icon of Microsoft Excel that isn't actually the spreadsheet you think it is.
7. Consider a salutation.
Is the address general or vague? Is the salutation to "valued customer" or "Dear [insert title here]?
8. Don't believe everything you see.
If something seems slightly out of the norm, it's better to be safe than sorry. If you see something off, then it's best to report it to your security operations center(SOC).
9. Is the email asking for personal information?
Most of the legitimate companies are unlikely to ask for personal information in an email.
10. When in doubt, contact your SOC.
No matter the time of day, no matter the concern, most SOC's would rather have send something that turns out to be legit than to put the organization at risk.
We always get excited when we get messages from the most know companies like GOOGLE, AMAZON, MICROSOFT, etc. We don't even think that this may be fraud.
Here are the 10 ways through which you can identify that these messages are genuine or not.
1. Don't trust the display name of whom the email is from:
Just because it says it's coming from a name of a person you know or trust doesn't mean that it truly is. Be sure to look as the email address to confirm the true sender.
2. Beware of urgency:
These emails might try to make it sound as if there is some sort of emergency(e.g., the CFO need a $1M wire transfer, a Nigerian prince is in trouble, or someone only needs $100 so they can claim their million-dollar reward).
3. Look but don't click.
Hover your mouse over the parts of the email without clicking on anything. If the alt text looks strange or doesn't match what the link description says, don't click on it - report it.
4. Check the email signature.
Most legitimate senders will include a full signature block at the bottom of their emails.
5. Check for spelling errors.
Attackers are often less concerned about spelling or being grammatically correct then a normal sender would be.
6. Be careful with attachments.
Attackers like to trick you with a really juicy attachment. It might have a really long name. It might be a fake icon of Microsoft Excel that isn't actually the spreadsheet you think it is.
7. Consider a salutation.
Is the address general or vague? Is the salutation to "valued customer" or "Dear [insert title here]?
8. Don't believe everything you see.
If something seems slightly out of the norm, it's better to be safe than sorry. If you see something off, then it's best to report it to your security operations center(SOC).
9. Is the email asking for personal information?
Most of the legitimate companies are unlikely to ask for personal information in an email.
10. When in doubt, contact your SOC.
No matter the time of day, no matter the concern, most SOC's would rather have send something that turns out to be legit than to put the organization at risk.
Comments
Post a Comment