Steps to Identifying and Responding to Phishing Emails

Phishing is one of those threats that has been around for a while, and as time passes by, only become more difficult to identify. Some businesses can’t tell the difference between phishing scams and actual emails. Listed below are steps your organization can take toward properly identifying and responding to phishing emails.

To illustrate our point, let’s look at an example. You might receive emails claiming that you have won some wild prizes, but you don’t remember putting your name into the running for them. The message is delivered in a way that makes you think it’s from someone who doesn’t speak proper English, and it certainly doesn’t sound like a professional message. Additionally, the email makes you want to pull the trigger immediately by claiming that the prizes are time-sensitive.

These are all common tactics utilized in phishing messages. They often come in the form of fake invoices or from those higher up in the chain of command. You might receive a message that appears to come from your boss asking for a wire transfer, for example.

Basically, the majority of phishing emails will showcase the following characteristics:

• Something that appears too good (or too wild) to be true, like winning a prize.
• Spelling and grammar errors; many phishing campaigns originate outside of the United States.
• A sense of urgency that pushes the user to act a certain way, such as paying an invoice or clicking on a link to enter contact/financial information.
• Links to click on or attachments to download; these are often infected with malware or give hackers alternative methods of infiltrating your systems.
• The email comes from a strange email address that does not coincide with the sender’s supposed identity. It’s always imperative to check the sender.

These are far from the only warning signs, but they are the ones that you should be particularly aware of. Phishing messages often look so convincing that the recipient might not even think twice before downloading an attachment or clicking on a link. It’s critical that you treat all messages with the same level of scrutiny at the minimum. Be sure to try to identify the identities of the senders if possible through some type of external communication, like a phone number or, you know, walking to their office.

Macro Systems wants to help your business train employees to identify threats from phishing scams and emails. If you can train your staff to leverage a certain level of scrutiny against messages like these, then you naturally make them more resilient to falling for them. To learn more about how you can make this happen, give us a call at 703-359-9211.