Cybersecurity is more complicated and more important than ever for small and midsize businesses. Companies could go broke chasing the latest, greatest cybersecurity software tools or consultancy arrangements, and yet the greatest defenses most companies can employ are free. Awareness and training remain the most critical defenses for businesses of all sizes.

Training users to identify and avoid phishing and spearphishing attempts is perhaps the best cybersecurity training investment companies can make, as 95% of all attacks on enterprise networks are the result of successful spearphishing, according to the SANS Institute for security. Spearphishing takes advantage of people’s natural inclination towards fear or greed with bait and switch.

“You must pay or your assets will be frozen!”

“We will share incriminating evidence about you if you don’t provide us information!”

“This is your boss: There is an urgent matter, I need you to wire money to a vendor immediately. Don’t delay.”

These are 6 ways to identify a phishing e-mail:

  1. The e-mail was sent by a person unknown to me from an e-mail address that does not belong to my company or from a suspicious domain name.
  2. The e-mail was sent from a sender with whom I have neither a business relationship nor past communication.
  3. The e-mail contains an embedded hyperlink and an attachment, has a subject line that is irrelevant or does not match the message content, and asks me to click on a link or open an attachment to avoid a negative consequence, to gain something of value, or to look at a compromising/embarrassing picture of myself/someone.
  4. The e-mail was sent at an unusual time, and cc’d to an unusual mix of unknown recipients.
  5. The e-mail attachment is not expected or does not apply to the content of the message.
  6. The e-mail body consists of a long hyperlink with no accompanying text; the hyperlink is misspelled, or points to a different website.

What do you do if you see one of these messages?

Ultimately, you should either ignore these messages or report them to your IT department or both. We can train your spam filter to block messages from this sender in the future. But one good rule of thumb is to ask a co-worker anytime you see ANYTHING out of the ordinary.

Security is a top priority for our team at Upward. If you haven’t been able to conduct security awareness training for your staff, please reach out to us today for a free end-user Security 101 training.