Cyber Security Awareness Month: Phishing

October 11, 2022

Don’t take the bait: Phishing Emails.

Whether a large-scale invasion or a smaller targeted campaign, all successful phishing and email-based ransomware attacks are disruptive and damaging on some level. The simple reality is that they rely on human error. In order for cyberattacks to succeed, someone, somewhere, needs to take the bait.

Cybercriminals utilize social engineering techniques—some basic and some very sophisticated—to manipulate human emotions and trigger a response. Small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home.

Here are some simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails: 

Stop Skimming and Start Studying 

Learn how to successfully detect a phishing email. 
The average employee receives so many emails that they’re conditioned to skim messages and make quick decisions. 
When we don’t slow down and think critically, we take unnecessary risks. There can be clues both on the surface and just below the surface of the message that can alert us to things that aren’t right. 
 

For example: 

  • “From” addresses, URLs, and embedded links can masquerade as things they aren’t. Do not take these items at face value (even if a name, logo, or other identifiers seem familiar and safe). 
  • On your PC, hover over—or “mouse over”—these pieces of content and examine the info that appears (you will often see the true destination of a web address in the bottom left of your browser window). 
  • On mobile devices, use a “long press” or “long click” and review the information in the pop-up window. If there appears to be a mismatch between what you expected to see and what is actually presented, steer clear.
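
The hover check described above can also be done mechanically. The following is an added example, not part of the original article: it compares the domain a reader sees (in the "From" display name and in link text) with the domain actually used. The names `check_message`, `differs`, `Links` and the sample message are hypothetical and constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)  # first domain-looking token

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def differs(shown, actual):
    """True when the real host is neither the shown domain nor a subdomain of it."""
    shown, actual = (h.lower().removeprefix("www.") for h in (shown, actual))
    return actual != shown and not actual.endswith("." + shown)

def check_message(raw):
    """Return (kind, domain the reader sees, domain actually used) per mismatch."""
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg["From"])
    claimed, real = DOMAIN.search(name), addr.rpartition("@")[2].lower()
    if claimed and differs(claimed.group(1), real):
        findings.append(("from", claimed.group(1).lower(), real))
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        shown, host = DOMAIN.search(text), urlparse(href).hostname or ""
        if shown and differs(shown.group(1), host):
            findings.append(("link", shown.group(1).lower(), host))
    return findings

# Constructed sample using reserved example domains; not a real message.
SAMPLE = '''From: "accounts@example.com" <notify@example.net>

<p>Sign in at <a href="http://portal.example.com.login.example.net/v">https://portal.example.com/</a>
or read the <a href="https://www.example.com/help">example.com help page</a>.</p>
'''
```

Calling `check_message(SAMPLE)` reports the display-name mismatch and the first link, whose real host only begins with the trusted name; the second link passes because its text and destination agree.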

Look, don’t click

The content or topic of a message might not be quite right or not fully relevant to you. Be on alert if the tone of an email from a colleague, friend, or relative seems inappropriate or just doesn’t “sound like” them. Likewise, be sure to question the receipt of an invoice or shipping notification that doesn’t make sense based on your ordering history. Thoroughly read what is written; don’t just skim past details. 

Check for spelling errors

Misspellings and poor grammar can be indicators that the email did not originate from a trusted source. This is particularly true with messages that appear to be from a well-known, well-established individual or organization.  

Be aware of urgency

In general, any unsolicited email—that is, any email that you were not explicitly expecting to receive—should be looked at carefully. But you should be particularly wary of any email that seems designed to trigger an emotional response—fear, surprise, excitement, concern—and that urges you to respond or act in some way (click a link, download a file, confirm/change a password, etc.).

Think It Through 

After you read an email, take a moment to digest it. Give yourself the space to act thoughtfully, rather than just reacting in the moment. To help get yourself out of the habit of skimming and reacting, consider asking yourself a few quick questions about any email that requests a response or action that could compromise sensitive data, devices, or systems. 

For example:

  • Was I expecting this message? – If the answer is “no,” ask more questions.
  • Does this email make sense? – If the tone doesn’t seem right or the information you’re being provided doesn’t make sense, it could very well be a phish.
  • Am I being pushed to act hastily or out of fear? – If you are, this is a major red flag.
  • Does this seem too good to be true? – If you can’t believe what you’re reading, it’s likely you’re reading a phish.
  • What if this is a phishing email? – This is a great question to ask yourself, because it can help you work through the things that could happen if you’re dealing with a phishing attack. Could you be downloading malware that would corrupt all your files? Could you be turning over a password or credit card number to a criminal? Could you be exposing your coworkers’ private information to a scammer? 

Verify, Verify, Verify 

It’s critical to remember that, with phishing scams, things are never what they seem. The reality is that a message can look and even sound legitimate but still set off a warning bell.
For example, an email that comes from a corporate IT address and tells you to download new security software can seem trustworthy; it appears real and is on topic. But would that really be the process your IT department would follow?
If you don’t have 100% confidence, be sure to take a few extra steps to verify that you are dealing with a legitimate request before you click a link, download a file, or reply with sensitive data.

Here are some easy ways to confirm that an email is legitimate:

  • Instead of clicking on a link, open your web browser and type in a known, trusted URL and navigate to the site yourself.
  • Instead of replying to an email or calling a number included in the message, do your own fact-finding. Use an email address or phone number that you are able to confirm.
  • If you’ve received a questionable message from a colleague or friend, contact them via another channel (like a phone call or text message) to make sure they sent it.
  • Reach out to your IT team for advice (and to alert them that there is a potential phishing threat active on your organization’s network).

It takes just a minute to confirm a questionable message, whether it comes from a coworker, internal department, financial institution, or other source. In contrast, it can take days or weeks (or even longer) to remedy the consequences of interacting with a phishing or ransomware email. And sometimes you can’t ever remedy the consequences.

Suspicious of an email?  Don’t click! 
Forward it to your I.T. Managed Service Provider for review.

© 2023 Partek I.T. Solutions | All Rights Reserved | Privacy Policy