2106 Jan Girl Looking Down Computer

4 QUESTIONS You Can Ask To Avoid a Malicious Email

Rawpixel.com / Shutterstock.com

Malicious online activity threatens your professional and personal life on a daily basis.  It doesn’t take much for a hacker to crack your password and break into your online account or for a seemingly insignificant virus to slip into your network and corrupt every last bit of your data.  And, these days, phishing has become a go-to method for many hackers around the world.

All it takes is for one employee to open up the wrong email.  One click or one download later and you’ll find yourself in the middle of a full-blown attack, whether you realize it now or six months down the road (research from a few years back asserted that it takes companies an average of 458 days to notice an attack).

23% of all people that receive a malicious email open it.  To make matters worse, 11% of these recipients take things a step further and open the attachment or click the link contained in the email.  Why is this?  Because hackers have changed their tactics.

Targeting specific industries, companies, and job titles, Spear Phishing involves significantly more effort on the hacker’s end.  They spend a great deal of time researching their targets to make their email appear more legitimate and clickable.  Because of this, it’s crucial to know how to detect malicious emails before you unknowingly invite someone into your network.

Where did it come from?

Always check the sender before you do anything with an email.  Ask yourself a few questions.  Do you know this person?  Why would this person or company need to send you an email?  Are you expecting an email from them?  Do you do business with them?  Have you ever done business with them?  For what reasons would this person or company potentially reach out to you?  If you can’t answer any of these questions, you may want to avoid the email, or at the very least, not open or click anything inside it.

Is there a workaround? 

If you open an email, and you feel a little uneasy about what it wants you to click on or to download, try to find a workaround.  Can you get to the proposed link in another method?  For instance, if it’s an email asking you to verify your banking information, there are a few different options.  Manually type in your bank’s website and go at it from that direction.  Or, you can even call your bank and request confirmation.  Just don’t use any numbers listed in the email because they could be illegitimate.

How does the email look?

The majority of malicious emails have grammar mistakes.  If anything looks even a little off, don’t perform any action the email asks of you.  Verify the company name, contact information, and body of the email for punctuation, spelling, and capitalizations.  Avoid emails that look anything like this, “Please verify your online banking cridentuals.”  Also, carefully review the links.  For example, an email asking you to visit www.Targit.com probably isn’t legitimate.

What is the call to action?

Sometimes all it takes is a simple question to catch most malicious emails.  Take into account the previous scenario with the online banking credentials.  Why would your bank ask you to verify your credentials?  Do they give you a reason?  If they do give a reason, is it a good one?  Have they ever asked you to do this before?  Has any bank asked you to do this before?  Your answers to these questions should guide you to the appropriate response.  And, if you still feel hesitant, give your bank a call.

Sources:

http://resources.infosecinstitute.com/spear-phishing-statistics-from-2014-2015/

http://www.wired.com/2015/04/email-phishing-attacks-take-just-minutes-hook-recipients/

http://krebsonsecurity.com/2012/07/email-based-malware-attacks-july-2012/

Leave a Reply

Your email address will not be published. Required fields are marked *