Phishing attacks and scams have thrived since the COVID pandemic began in 2020, and today phishing attacks account for more than 80 percent of reported security incidents. Week 2 of Cybersecurity Awareness Month encourages us to “fight the phish,” and stresses the importance of being wary of emails, text messages, or chat boxes that come from a stranger or someone you were not expecting.

Phishing emails are a common way attackers take advantage of, or exploit, businesses in order to gain a foothold within them. Once attackers have access to an organization’s systems, the potential damage they can cause to that organization is limited only by your imagination.


What can you do to prevent a phishing attack if you get a suspicious-looking email? Here are a few tips.

  • Check for grammatical and punctuation errors. Marketers and content creators go to great lengths to create emails directed at a target audience, with incredible attention paid to content, subject line, call to action, etc. Emails that contain poor grammar or punctuation errors are likely from inexperienced attackers.

 

  • Keep an eye out for emails with urgent deadlines, typically with warnings and potential consequences.

 

  • The email should never ask you for sensitive information. Legitimate businesses have reputations to uphold and will never ask you for personally identifiable information via email. As one example, banks will typically warn, “We never ask for sensitive information such as account numbers or passwords.”

 

  • “If it sounds too good to be true, it probably is.” Emails that offer free rewards, or unsolicited rewards, should be regarded as highly suspicious. 

 

  • Verify the link before you click on it. When you receive an email with text links or call-to-action buttons, you can hover your mouse over a link or button to get a preview of the destination URL. Does the URL contain a verified domain you trust? If it doesn’t, don’t click the link!
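The hover check from the last tip can also be automated for an HTML email body. The following is an added example, not code from the original article: it compares each link's real destination host with a list of trusted domains and with any URL shown as the link text. The domain `examplebank.com`, the sample message, and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_DOMAINS = {"examplebank.com"}  # assumption: domains the reader trusts

def host_of(value):
    """Hostname of a URL-like string, or None if it does not look like one."""
    value = value.strip()
    if not value or any(ch.isspace() for ch in value):
        return None
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host and "." in host else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def review_links(html, trusted=TRUSTED_DOMAINS):
    """Map each suspicious href to the reasons it was flagged."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = {}
    for href, text in parser.links:
        dest, shown = host_of(href), host_of(text)
        reasons = []
        # Trusted means an exact match or a true subdomain, never a substring.
        if not (dest and any(dest == d or dest.endswith("." + d) for d in trusted)):
            reasons.append("untrusted-destination")
        if shown and shown != dest:
            reasons.append("text-mismatch")
        if reasons:
            flagged[href] = reasons
    return flagged

# Constructed sample body, not a real message.
SAMPLE_EMAIL = """<a href="https://www.examplebank.com/login">Log in</a>
<a href="https://examplebank.com.account-verify.example/login">www.examplebank.com</a>
<a href="https://examplebank.com@203.0.113.7/reset">Reset password</a>"""
```

Both flagged links contain the trusted name somewhere in the URL, which is why the check parses the host instead of searching for the name. The text comparison is strict, so link text that differs from the destination only by a `www.` prefix is flagged as well.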

 

Pay attention to these keywords. Subject lines highlighting “new message,” further action requirements, invoice, or fax number are also popular phishing methods, according to Expel, with phrasing focused on expiration notices for emails and passwords, verification requirements and others. “Keywords that promote action or a sense of urgency are favorites among attackers because they prompt people to click without taking as much time to think.”[1] Don’t fall for it!

Phishing attacks are on the rise and getting more sophisticated every day. If your company is ready to add safeguards against this common form of cyber threat, Trava can help you assess your overall cyber risk and implement phishing simulations to help bolster your risk management strategy.



Citations

[1] Adams, R. Dallon, The top keywords used in phishing email subject lines, TechRepublic, Sep. 9, 2021, https://www.techrepublic.com/article/the-top-keywords-used-in-phishing-email-subject-lines/?ftag=TRE684d531&bhid=30000941531970895973268070220502&mid=13506812&cid=2422472809