The best security remedies an organization can put in place start with education and teaching what to look for and what not to do. Morey Haber, vice president of technology at BeyondTrust, lists some of the gotchas that should make your employees back away from the incoming email.
Verify that links point to real domains and not questionable ones such as .ru. There are several free services available, which can be found with a quick Google search, that can assist with verifying links. Never click a link before verifying it.
If there are simple typos or grammatical mistakes or the subject line seems odd, it could potentially be a fake.
Verify the email address is really an internal address and from a trusted source. Do this by sending your own new and unique message to the alleged sender in question. Do not reply to a possibly fraudulent email, as phishing criminals can very easily spoof an address so it appears to be from a trusted source.
Question the source
If your name is not in the To: or CC: line, or many of your colleagues are listed (dozens or even hundreds), question the source.
If an email requests any sensitive information like your address, bank accounts, Social Security number, or even date of birth, it is probably a fake. There is no reason someone (or a company) should be collecting this information from you blindly, especially in an email format.
If an email requests that you change a password by clicking on a link, just don't do it. Even if the email appears perfectly legit, open a browser and go to the website using the proper URL instead. Then, change the password after you log in. Some of the best phishing emails look perfect when compared to these recommendations and will catch you simply by getting you to change your password.
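For mail administrators who want to pre-screen reported messages against the gotchas above, here is an added example (not part of the original article) that applies them to a raw message. The function name, finding labels, keyword pattern, recipient threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Assumed tunables, not values from the article; adjust for your organization.
QUESTIONABLE_TLDS = {"ru"}   # the article's one example of a questionable domain
MAX_RECIPIENTS = 24          # stand-in for "dozens or even hundreds"
SENSITIVE = re.compile(r"social security|bank account|date of birth|your address", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def triage(raw, my_address, internal_domain):
    """Return the article's warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = "\n".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    findings = []
    # From: is trivially spoofed, so a match here proves nothing; a mismatch is a signal.
    sender = getaddresses([msg.get("From", "")])[0][1].lower()
    if sender.rpartition("@")[2] != internal_domain.lower():
        findings.append("external-sender")
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if my_address.lower() not in rcpts:
        findings.append("not-addressed-to-you")
    if len(rcpts) > MAX_RECIPIENTS:
        findings.append("mass-recipients")
    hosts = {urlparse(u).hostname or "" for u in URL.findall(body)}
    for host in sorted(hosts):
        if host.rpartition(".")[2] in QUESTIONABLE_TLDS:
            findings.append("questionable-link:" + host)
    if SENSITIVE.search(body):
        findings.append("asks-for-sensitive-data")
    if hosts and re.search(r"password", body, re.I):
        findings.append("password-change-link")
    return findings

# Constructed sample message (addresses and domains are made up).
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: staff-all@example.com
Subject: Urgent: pasword expiry

Your password expires today. Confirm your date of birth and reset it here:
http://accounts.example.ru/reset
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "alice@example.com", "example.com"))
```

An empty result does not mean the message is safe: the sample passes the sender check because its From: address claims the internal domain, which is exactly the spoofing case the article warns about.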