5 Phishing Awareness Tips to Protect Your Organization

Jul 22, 2021 | By Matt Kopp

Organizations can implement policies and technologies to protect against many security threats. However, phishing is unique. It uses various techniques to gain trust and make users believe the request for access or information is valid.

This threat can’t be fought with technology. Instead, users need to be aware of what phishing looks like and how to respond. Below are five phishing awareness tips that security pros can pass along to their users.

1. Requests for Sensitive Information

A legitimate organization will never make an outgoing request for passwords, social security numbers, answers to security questions, or account numbers. Be wary of unsolicited emails or texts with any such demands.

2. Spelling and Grammatical Issues

A business email may contain a few errors. That’s to be expected. However, users should be aware that excessive errors are a red flag. Emails sent from official sources are usually checked for mistakes before they’re sent.

3. Unrealistic Message Content

One of the most important phishing awareness tips that users can receive is to follow their best instincts. If an email doesn’t appear to be legitimate, then it probably isn’t. Often, you get that gut feeling after reading unrealistic message content. Below are some examples of such content.

  • Threats that the recipient will be fired or have money stolen
  • Claims that there is a dire emergency
  • Statements about winning a lottery or gaining access to a prize
  • Claims that the email is from an authority such as a government agency

Users should be encouraged to remember that nothing dire will happen if they refuse to act on a suspicious email.

4. Fake URL or Return Address

It’s necessary to pay attention to both the sender and return email addresses. If these don’t reflect the official domain name of an organization, that’s suspicious. Users should also pay close attention to any URL contained within the email, mainly when the message asks them to click on a link. They can hover over a link to reveal the actual URL.

5. Demands For Actions Outside Of Company Policies

No legitimate email, text, or call will ask the recipient to break company policy. For example, your employee may receive an email requesting they go to a website and download new “security software.” An instance like this would be unusual if your IT staff handles security through automatic updates. It would also be against company policies on downloading software from the internet.

What Can Users Do If There’s A Phishing Attempt

In most cases, the best course of action is to do nothing and contact IT. If your employee receives a suspicious email, they should document what happened and whatever action they took. They should also always be sure to hold onto the email for reference.

Conclusion: A Culture of Awareness Using Phishing Awareness Tips

When you give your employees phishing awareness tips, it helps create a culture of awareness around IT security. This culture can build a sense of urgency when it comes to protecting company information.

In addition to information and education, it’s critical to verify that employees recognize and respond appropriately to phishing attempts. You can do this by implementing a phishing awareness test. Send an email using various phishing techniques, then see how employees react.

Convergent has IT Experts who can help design and implement such tests. Want to give one a try? Download our free How To Implement A Phishing Awareness Test Infographic to measure employee awareness of phishing tactics. If you’re looking for further assistance, contact us.
