Every day, every person with email is put to the test. No matter your job title or position, we all get phishing emails. And no matter your knowledge of cybersecurity, you make the initial decision of whether a message is malicious. So, when deciding whether to call the IT Help Desk, here are some solid, simple tips and tricks from the top to help ANYONE dodge the bad guys' phishing hooks, nets, and spearguns.
Not everyone has the time to call their IT provider's remote support just to check emails every morning. You can follow the 'WHO, WHAT, WHERE, AND WHEN' model to stay safe. Just like a good event flyer, these four items should be clear and make sense for you to be interested. Let's break it down…
When considering WHO a potentially fake email is from, we can generally use common sense. We ask the WHO question first because it is seldom a 100% indicator of a safe OR malicious email, but it helps set your alert level as you dig deeper. Of course, if I have never received an email from that person before, I will proceed with extreme caution; but that is not the only situation where the WHO should make you ask "is this email real?" A perfect time to be careful with an email's content is when you receive it from someone you trust but rarely communicate with through email, especially a direct email to just you. For example, every time I receive an email from our company's owner, I am at full DEFCON 1 of email suspicion. Executives' and owners' names, and their spoofed or hacked email accounts, are a go-to for email scammers because employees are quick to comply with top management's odd requests. But why would the owner of my company write an email just to me? And why would they ask me to do something for them, like provide information or pick up gift cards, when they have an assistant?
WHAT the sender is asking you to do can be a clear sign of trouble. Whenever encountering any of the following requests in a potential phishing email, you should make sure to verify it thoroughly:
- Asking to click a link when you have not requested the link or the information they are stating it provides.
- Log in to ANYTHING to re-enter or confirm information or reset your password. This is a double red flag if they ask you to follow a link in the message to enter that password or information. For example, it should sound the alarms if your cybersecurity firm is reaching out to you to reset a password.
- Open any file you did not expect to be sent to you. Microsoft Word and Excel are common culprits, but any Office file type, PDF, VBS, or even an image can have you hacked from the second you click it.
- Do something outside of your normal job responsibilities or title. This includes sending information for which you are not the usual point of contact, or purchasing gift cards.
WHERE is the tricky one, so I saved it for third. However, once you get comfortable with checking the WHERE, you can spot many fake emails as quickly as any cybersecurity specialist. The WHERE we are talking about here is the full email address of the sender and possibly the relaying email server, because firstname.lastname@example.org and email@example.com are two completely different senders. We look at the WHERE in the header of the email message; in most cases it will be displayed by your email software, though sometimes you need to click the FROM box. When examining the FROM address, take the time to read it over carefully, since tricking your eyes with out-of-place letters or periods is precisely what the hackers are trying to do.
And lastly, WHEN is a pretty simple one. Was this email sent at a time that makes sense for the sender? Was it sent outside the hours that person normally works? Is your IT help desk sending you emails at odd hours? These could be signs of foul play, and it may be time to call your cybersecurity team in for a closer look.
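As an added example (not code from the article), here is a small Python script that applies the WHERE and WHEN checks to a message's headers: it parses the From address, compares the sender's domain against a trusted list with the eye-fooling letter swaps (rn/m, 1/l, 0/o) normalized away, flags display names that carry a different address than the real one, and checks the Date header against a working-hours window. The trusted domain, the working hours, and the sample message are constructed assumptions.

```python
"""Header checks for the WHERE and WHEN tests.

Added example, not part of the original article.  The trusted domains,
working hours and the sample message below are constructed assumptions.
"""
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumption: the organisation's own domain(s).  Anything that merely looks
# like one of these is the lookalike case the article warns about.
TRUSTED_DOMAINS = {"example.com"}

# Assumption: the sender's normal working window (hours, Monday to Friday).
WORK_START, WORK_END = 7, 19

# Letter swaps that fool the eye.  Normalising both sides compares what a
# reader *perceives*, so "examp1e.com" collapses onto "example.com".
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def normalize(domain: str) -> str:
    d = domain.lower()
    for src, dst in HOMOGLYPHS:
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance: catches one- or two-character typos like 'exampel.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from(from_header: str, trusted=TRUSTED_DOMAINS) -> list:
    """WHERE: return a list of findings about the From header (empty = nothing odd)."""
    findings = []
    name, addr = parseaddr(from_header or "")
    if "@" not in addr:
        return ["From address missing or unparseable"]
    domain = addr.rsplit("@", 1)[1].lower()
    # Display-name trick: the name shows one address, the real sender is another.
    if "@" in name and name.rsplit("@", 1)[1].lower().rstrip(">") != domain:
        findings.append(f"display name shows {name!r} but the real address is {addr!r}")
    if domain in trusted:
        return findings
    for t in trusted:
        if normalize(domain) == normalize(t):
            findings.append(f"lookalike domain {domain!r} mimics {t!r}")
        elif levenshtein(domain, t) <= 2:
            findings.append(f"domain {domain!r} is within 2 edits of {t!r}")
    return findings


def check_date(date_header) -> list:
    """WHEN: flag weekend or out-of-hours sending, judged in the sender's own time zone."""
    if not date_header:
        return ["Date header missing"]
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return ["Date header unparseable"]
    findings = []
    if sent.weekday() >= 5:
        findings.append(f"sent on a weekend ({sent:%a})")
    if not WORK_START <= sent.hour < WORK_END:
        findings.append(f"sent at {sent:%H:%M}, outside {WORK_START:02d}:00-{WORK_END:02d}:00")
    return findings


def inspect_message(raw: str) -> dict:
    """Run both checks over a raw RFC 822 message and return the findings."""
    msg = message_from_string(raw)
    return {"where": check_from(msg["From"]), "when": check_date(msg["Date"])}


# Constructed sample: an "owner" asking for a favour from a lookalike domain,
# sent at 3 a.m. on a Saturday.
SAMPLE_MESSAGE = """\
From: "Pat Owner" <pat.owner@examp1e.com>
To: staff@example.com
Date: Sat, 05 Mar 2022 03:12:00 -0500
Subject: Quick favor, need gift cards today

Are you at your desk? Reply as soon as you can.
"""

if __name__ == "__main__":
    for section, findings in inspect_message(SAMPLE_MESSAGE).items():
        print(section.upper(), findings or "nothing unusual")
```

The checks are deliberately conservative: an address from a trusted domain with a clean display name produces no findings, so a quiet run really does mean "nothing unusual", while a hit in either list is the cue the article gives to pick up the phone to your IT provider rather than act on the message.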
Now YOU have the tools to judge and raise the alarm to your IT provider when you receive malicious emails like spoofed executive email addresses and phishing attempts!