Identifying phishing emails is part of our on-boarding new hire process and intrusion prevention plan at New Horizons Learning Group. With hundreds of employees across four states, we are constantly educating our employees on how they can prevent attacks.
Even though we stop thousands of phishing emails each week it is important for you to know how to recognize them as some will make it to your inbox. Email security is a top concern for us and we need your help to prevent our sensitive information being taken by criminals. If you are ever unsure of an email you’ve received please send it to your internal IT or help desk. We can test it safely and we will let you know if it is safe to open or click.
Here are some examples of how to identify spear phishing emails:
1. Email Sender Name and Address
Email sent from: Ryan Landry <email@example.com>
- Phishing Clue: This is not Ryan Landry’s email address, nor any variation of. Make sure you recognize the email and sender of any email. Even common domains can be replicated by one letter.
Email Sent from: <firstname.lastname@example.org>
- Phishing Clue: This email address is interesting and close to the company's real domain however Americanexchangegroup.com redirects to www.axnygroup.com. Certainly not from AMEX Corporation.
2. Grammatical Errors
Email Content: Can you let me know if you can help me purchase some Amazon gift cards today at the store. Do get back to me so I can let you know the type of gift card and denominations, Email me back i can't take calls right now. Thank you Sent from my Mobile Device
- Phishing Clue: Grammar mistakes are very common in phishing email. While we all fat finger from time to time, phishing emails usually have obvious grammatical or syntax mistakes.
3. Membership Access, Especially Final Reminders
Email Content: Dear Valued Member, Did you recently verify your User ID as requested by all American express Member? If not, then it's time to do so. We request all valid member to update their profile information to manage your American Express® Card account online. We have sent all members our updated HTML Web Page to update to enable us serve your better. If you recently updated on our HTML Web Page, you can disregard this email and card access will be automatically active. This is to help protect your identity online, we want to be sure that all valid members are part of this program. For your convenience, please follow the Important instruction on HTML Web page update: An HTML Web Page has been attached to this email· kindly Download and save to your device desktop· Continue by filling your profile information to re-activate your card access
Phishing Clue: In addition to the grammatical mistakes you will never be asked to download, save an attachment, or re-verify log in information solely by email from a reputable merchant.
How can you help prevent data breaches?
Password Exploitation – 83% of Americans Are At Risk
Let’s face it: most of us follow terrible password security procedures. Do you use the same password for more than one website? Or are you one of the 23 million people who use “123456” as one of their passwords? The truth is, 83% of Americans are using weak passwords (Avast), even as the threat of account hacking climbs every day.
In January 2019, the “Collection 1-5” data breach exposed 2.2 billion unique emails and passwords, and in the first six months of 2019, there were a total of 4.1 billion records exposed worldwide. When data breaches like this happen, account holders are exposed to the risk of having their personal data, money, or identity stolen by hackers. In fact, 81% of hacking-related data breaches was caused by password exploitation (Verizon). With more organizations moving their operations to the cloud—and with the average business having 23 apps that require passwords—the risk of data exposure is higher than ever.
With nearly 300 billion passwords being used by people and computers worldwide, long or complex passwords no longer provide enough security, and users rarely follow best practices for secure passwords. Two-factor authentication—in which users need to enter a password plus additional identifying information—was created to increase the security of even weak passwords, but adoption is slow, even in the IT field. The Ponemon Institute found that 55% of IT security professionals don’t use two-factor authentication at their organization, and LastPass found that only 15% of IT administrators enforce the use of multi-factor authentication. The resistance comes mainly from users who find it unnecessarily burdensome to keep track of multiple passwords or authentication procedures.
This lack of adherence to password security best-practices is turning costly for businesses. In addition to the obvious losses in revenue a company might face during a data breach, DataProt reports that 33% of people stop doing business with companies who experience a data breach that leaks consumer credentials. With password exploitation posing such a threat to their bottom line, many organizations are prioritizing IT security positions to mitigate their risk. In fact, 82% of companies say they lack the necessary security skills in their organization.
Help fill the gap; upgrade your skills today or start a new career in IT security that will make you essential at any organization. New Horizons offers courses and certifications in a variety of cybersecurity topics that will teach you the skill you need to learn what earns.
These three tips and tricks can help you identify a harmful phishing email, not divulge personal or company information or access and prevent a larger scale attack. To learn more about intermediate and advanced Cybersecurity or End User Cybersecurity training, please contact us.
Editor's Note: This post was originally published October 24, 2018 and has recently been updated and revised for accuracy and comprehensiveness.