By our IT department.
According to Hong (2012), phishing emails are a type of targeted email attack where social engineers lure the recipient into performing specific actions such as clicking on a malicious link, opening a malicious attachment, or visiting a web page and entering their personal information.
Furthermore, Singer and Friedman (2014) mention that phishing attacks seek to trick recipients into believing that an email is legitimate, in order to solicit sensitive information (e.g., usernames, passwords, and credit card numbers) or install malware. As a result, phishing is a fundamental component of many cyber-attacks and is often used as a first step in advanced persistent threats.
Below you can find instructions on how someone can identify and deal with suspicious emails:
- Upon receipt of any email, ask yourself these two questions:
  - “Do I know the sender?”
  - “Am I expecting such an email from this person?”

  If the answer to both questions is no, delete the email immediately.
- Do not give your email to users or organizations you do not know or trust.
- Do not provide personal or sensitive information by email.
- Look for inconsistencies in links, email addresses and domains. Phishing emails often have email addresses that are different than the name on the email account. They may also use domain names that appear to be slightly off in some way. Users can hover over a link or email address and check the address before clicking or replying.
- Block and delete emails from strangers asking for personal information or promotional emails that are not of interest to you.
- If a message from a well-known company is formatted badly, has obvious misspellings, or is unrelated to you, this is a red flag.
  Call or compose a new email to the sender, asking if they have sent such an email.
- Be aware of requests with high urgency requiring quick action or requesting personal and/or financial information. If you are ever in doubt, double check such requests with the sender either by phone or by composing a new message - never reply to the original message.
- Do not open email attachments unless you are completely sure of the sender’s identity, especially if you did not expect such emails.
Be careful when you are using a tablet or mobile device. Attempting to detect phishing emails from such devices is getting more challenging.
Cybercriminals rely on the fact that users are in a hurry or busy. Combined with the fact that spam emails appear to be legitimate, this maximizes the risk of falling victim.
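The link, address and domain checks from the list above can also be automated. The Python sketch below is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity cutoff, the constructed sample message and names such as `check_message` are assumptions made for illustration.

```python
import difflib, re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-bank.test"}  # assumption: domains you really deal with
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
# Constructed sample (single-part HTML message), not a real email.
SAMPLE = '''\
From: "support@example-bank.test" <billing@examp1e-bank.test>

<p>Sign in at <a href="http://www.examp1e-bank.test/verify">www.example-bank.test</a>
or <a href="https://www.example-bank.test/contact">contact us</a>.</p>
'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a>, read at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased host of a URL or of a bare domain
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()

def check_message(raw):  # returns a list of warnings for one raw message
    msg, findings = message_from_string(raw), []
    display, addr = parseaddr(msg["From"])
    sender = addr.rpartition("@")[2].lower()
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)  # address inside the display name
    if shown and shown.group(1).lower() != sender:
        findings.append(f"display name shows {shown.group(1)}, sender is {sender}")
    near = difflib.get_close_matches(sender, TRUSTED - {sender}, n=1, cutoff=0.85)
    if near and sender not in TRUSTED:
        findings.append(f"sender domain {sender} resembles {near[0]}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:  # what hovering over each link would reveal
        if URLISH.fullmatch(text) and host_of(text) != host_of(href):
            findings.append(f"link text {text} points to {host_of(href)}")
    return findings
```

Calling `check_message(SAMPLE)` returns one warning per inconsistency; a link whose visible text is ordinary wording, such as "contact us", is not flagged.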
References:
Hong, J. (2012). The state of phishing attacks. Communications of the ACM, Volume 55, Issue 1, 74-81.
Singer, P., & Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford University Press; Illustrated edition.