We’ve seen a rise in security incidents recently and wanted to share ADNET’s top 5 tips for recognizing email threats. Taking a few minutes to examine emails before acting can prevent them from becoming an issue.
Here are some quick tips for all those messages from unknown senders sitting in your inbox:
- Verify the sender’s identity: Confirm that the email address aligns with the official communication channels of the alleged sender. Exercise caution with generic or misspelled email addresses, as they may indicate phishing attempts. Look for typos, or letters or numbers in places they shouldn’t be. Look at the domain to see that it matches the alleged organization, rather than a free email account. Is this someone you have done business with, or have any kind of relationship with? If not, while it might just be a marketing email or someone trying to sell something – it could also be someone reaching out for more nefarious purposes.
- Hover before you click: Prior to clicking, hover your mouse over the link to preview the URL. Ensure that it matches the expected destination and doesn’t redirect to suspicious websites.
- Examine the email content: Scrutinize emails for spelling and grammar errors. Legitimate organizations usually send well-crafted messages. Be wary of urgent requests or unexpected attachments, as these may be tactics to induce hasty actions.
- Avoid requests for personal information: Legitimate organizations will not request sensitive information, such as passwords or financial details, via email. Treat these requests with suspicion.
- Be mindful of MFA prompts: Don’t click one if you didn’t do anything that might prompt it. Always double check the location the MFA prompt indicates and ensure it matches your location (or your VPN’s).
If your organization has an email solution that indicates external senders (senders outside of your organization), pay close attention to the banner, popup, or indicator that someone isn’t in your organization. Many malicious emails pretend to be from people you know or interact with, and that can be an easy way to spot those.
While these tips can help, there’s no substitute for proper Security Awareness Training, Managed Security Services, and Security Risk Assessments. Tools like Endpoint Detection & Response (EDR) and multifactor authentication (MFA) are also integral to being proactive about security. ADNET suggests reviewing your security services and tools on at least an annual basis to ensure that they’re still creating a comprehensive cybersecurity strategy for your business.
Need help implementing proactive security solutions? Reach out to us – we’re happy to help.