The strongest cyber security protections are no match for a well-written “phishing” email.
A phishing email is a technique used to acquire sensitive information, such as bank account numbers, passwords, etc., through your email. These emails enable cyber thieves to circumvent firewalls, filters, and antivirus software, so it is critical that your employees know how to stop a suspicious email.
Here are four common types of phishing emails that you should never open:
One of the most common types of emails will appear to be from your bank, the IRS, or some other government authoritative agency. A good rule of thumb is to delete any email from a person, business, or agency you don’t know.
Typically, these agencies send a letter if there are any important updates to your account, or they can call you directly. If you want to verify the email by calling, visit the website directly and avoid clicking on any links in the email, as phishing can be done through hidden links that will lead to a fictitious website designed to steal your information.
DELETE any email you receive requesting that you verify your username, password, or bank account number. Instead, go directly to the website or app and update your information.
Look for typos or grammatical errors in the subject line or body of the email. Most phishing e-mails are sent from overseas by people who do not speak or write good English. It is also another sign that the web address of the company has been spoofed and they changed one or two letters in an attempt to trick someone into clicking a link.
Opening an attachment (or clicking a link) in an email from a person or company you don’t know is generally unsafe. This includes (but is not limited to): PDFs, zip files, music and video files, and Word or Excel files. Anything referencing an unpaid invoice or an “accounting file” (hackers use this tactic to get people in the accounting department to open e-mails).
To be frank, any file could carry a virus, so it’s best practice to be certain who sent the email before opening the file. The few moments it would take to verify the sender before opening is less than the time and money you will spend recovering from data loss and network downtime.