Phishing emails are not always obvious, and when you’re in your day-to-day get-work-done mode it can be easy to fall victim. This post covers a few basic email browsing habits that will help you avoid getting phished.
Don’t take everything at face value. Before you open an email and click anything in it, go through these questions:
- Is the email from someone I recognize?
- Am I expecting the email?
- Are the requests of the email reasonable?
- Is the email using emotional triggers like fear or urgency to entice an action?
Before clicking any links in the email, hover your mouse over the link and the actual URL will appear. Double check to make sure the real URL is leading you to the right place. You don’t want to be clicking a link to ju-spandoo.de/82359/index[.]html. Hackers will also try to spoof the URL to look like the legitimate address. Investigate to make sure the link’s domain is the same as the domain of the email’s sender.
Don’t:
- Copy and paste the link into the URL section of your browser to check it. That’s the same as clicking the link.
- Forward a suspected malicious email to other people. You don’t want to further the potential damage, especially within your organization.
- Open the malicious email on your mobile devices. They are not immune to malware and viruses.
- Solely rely on antivirus software. AVs protect against viruses with known signatures, but are susceptible to new malware that goes undetected.
Do:
- Immediately report suspicious emails or activity on your computer to your IT or Security Department.
- After your IT/Security gives the ‘OK’, delete the email from your Inbox AND from Deleted Items.
- Closely check the sender email address; oftentimes the spoofed email will be one letter off.
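The hover check and the one-letter-off sender check described above can also be automated. This Python sketch is an added example, not code from the original post. It assumes a single-part HTML message and a caller-supplied list of trusted domains; `check_email`, `host_of`, `one_letter_off`, `LinkCollector` and the `.example` domains are hypothetical names chosen for illustration.

```python
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; the .example domains are placeholders, not from the post.
SAMPLE = ("From: IT Helpdesk <helpdesk@c0rp.example>\nContent-Type: text/html\n\n"
          '<a href="http://login.unrelated.example/reset">https://corp.example/reset</a>\n')

def host_of(text):
    """Hostname in text, or '' when text does not look like a URL."""
    text = text.strip()
    if "." not in text or " " in text:
        return ""
    return (urlsplit(text if "//" in text else "//" + text).hostname or "").lower()

def one_letter_off(a, b):
    """True when a and b differ by one substituted, added or dropped character."""
    short, long_ = sorted((a, b), key=len)
    if len(short) == len(long_):
        return sum(x != y for x, y in zip(a, b)) == 1
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_email(raw, trusted):
    """Findings for a single-part HTML message (assumed layout)."""
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = [f"sender {sender} is one letter off {t}" for t in trusted if one_letter_off(sender, t)]
    page = LinkCollector()
    page.feed(msg.get_payload())
    for href, text in page.links:
        real, shown = host_of(href), host_of(text)
        if shown and shown != real:
            findings.append(f"link shows {shown} but goes to {real}")
        if real != sender and not real.endswith("." + sender):
            findings.append(f"link host {real} is not under sender domain {sender}")
    return findings
```

Calling `check_email(SAMPLE, ["corp.example"])` returns three findings for the constructed message: the lookalike sender domain, the link whose visible text and real destination differ, and the link host that is not under the sender's domain.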