Identifying phishing emails is part of our on-boarding new hire process and intrusion prevention plan at New Horizons Learning Group. With hundreds of employees across four states, we are constantly educating our employees on how they can prevent attacks.
Even though we stop thousands of phishing emails each week it is important for you to know how to recognize them as some will make it to your inbox. Email security is a top concern for us and we need your help to prevent our sensitive information being taken by criminals. If you are ever unsure of an email you’ve received please send it to your internal IT or help desk. We can test it safely and we will let you know if it is safe to open or click.
Here are some examples of how to identify spear phishing emails:
1. Email Sender Name and Address
Email sent from: Ryan Landry <firstname.lastname@example.org>
- Phishing Clue: This is not Ryan Landry’s email address, nor any variation of. Make sure you recognize the email and sender of any email. Even common domains can be replicated by one letter.
Email Sent from: <email@example.com>
- Phishing Clue: This email address is interesting and close to the company's real domain however Americanexchangegroup.com redirects to www.axnygroup.com. Certainly not from AMEX Corporation.
2. Grammatical Errors
Email Content: Can you let me know if you can help me purchase some Amazon gift cards today at the store. Do get back to me so I can let you know the type of gift card and denominations,Email me back i can't take calls right now. Thank you Sent from my Mobile Device
- Phishing Clue: Grammar mistakes are very common in phishing email. While we all fat finger from time to time, phishing emails usually have obvious grammatical or syntax mistakes.
3. Membership Access, Especially Final Reminders
Email Content: Dear Valued Member, Did you recently verify your User ID as requested by all American express Member? If not, then it's time to do so. We request all valid member to update their profile information to manage your American Express® Card account online. We have sent all members our updated HTML Web Page to update to enable us serve your better. If you recently updated on our HTML Web Page, you can disregard this email and card access will be automatically active. This is to help protect your identity online, we want to be sure that all valid members are part of this program. For your convenience, please follow the Important instruction on HTML Web page update: An HTML Web Page has been attached to this email· kindly Download and save to your device desktop· Continue by filling your profile information to re-activate your card access
Phishing Clue: In addition to the grammatical mistakes you will never be asked to download, save an attachment, or re-verify log in information solely by email from a reputable merchant.
These three tips and tricks can help you identify a harmful phishing email, not divulge personal or company information or access and prevent a larger scale attack. To learn more about intermediate and advanced Cybersecurity or End User Cybersecurity training, please contact us.