Phishing emails are the leading cause of ransomware attacks, but what are the main types to look out for?
A wide-net phishing scam is sent to the masses from a knock-off corporate entity asking them to enter their credentials or credit card details.
How to spot them:
Attacks that rely on email spoofing appear to be sent by a trusted sender.
• Identify errors or inconsistencies like misspellings or a sender email address with the wrong domain.
• Review the message for any logos that look odd because they may contain malicious HTML attributes.
• Ignore emails that have only an image and very little text.
Emails that directly target a specific organisation or person using tailored information.
How to spot them:
• Look out for internal requests that come from people in other departments or seem out of the ordinary for the job function.
• Be wary of links to documents stored on shared drives like Google Suite, O365, and Dropbox because these can redirect to a fake website.
• Avoid documents that require a user login ID and password. This may be an attempt to steal your credentials.
• Do not click a link from an alleged known website. Instead, open your browser and type in the website yourself. This way, you can be sure you are getting to the right website and not a phishing one.
A spear-phishing attack explicitly directed at senior executives and other high-profile targets.
How to spot them:
• Rethink taking the requested action if a senior leadership member has never made contact before.
• Make sure that any request that appears normal is sent to a work email, not personal.
• If the request seems urgent and might be costly if it is fake, send a separate email or text, or call the recipient, and verify the request. Better safe than sorry.
A legitimate email message is copied, then altered, sent from a trusted organisation, and replaced with a link redirecting to a malicious website.
How to spot them:
• Be wary of unexpected emails from a service provider, even one that might be part of normal communication.
• Look out for emails requesting personal information that the service provider never asks for. If you know the request is legitimate, it is best to go to the browser and type the information directly into the website.
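Three of the checks above (a sender address with the wrong domain, an image with very little text, and a link that leads somewhere other than the real website) can also be automated. The following is an added example, not code from this page or from any product it mentions; the brand name, its domain list, the sample message and the 40-character threshold are all constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands mapped to the domains they legitimately send from.
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}

# Constructed sample message (not real mail).
SAMPLE = """\
From: "ExampleBank Support" <support@examp1ebank-secure.example>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://login.examp1ebank-secure.example/verify">
<img src="http://img.examp1ebank-secure.example/notice.png"></a>
<p>Click above</p></body></html>
"""

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images, self.hosts, self.text = 0, set(), ""
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "img":
            self.images += 1
        elif tag == "a" and href:
            self.hosts.add((urlparse(href).hostname or "").lower())
    def handle_data(self, data):
        self.text += data.strip()

def _in_domains(host, domains):
    # Exact match or a subdomain of an allowed domain.
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw, min_text_chars=40):
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    name = sender.display_name.lower().replace(" ", "")
    # Domains allowed for whichever known brand the display name claims.
    allowed = set().union(*(d for b, d in KNOWN_BRANDS.items() if b in name))
    scan = _Scan()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        scan.feed(body.get_content())
    findings = []
    if allowed and not _in_domains(sender.domain.lower(), allowed):
        findings.append("sender-domain-mismatch")
    if scan.images and len(scan.text) < min_text_chars:
        findings.append("image-with-little-text")
    if allowed and any(not _in_domains(h, allowed) for h in scan.hosts):
        findings.append("link-outside-brand-domain")
    return findings
```

Calling `phishing_indicators(SAMPLE)` flags all three indicators for the constructed message; a message from the brand's own domain with normal text and links returns an empty list.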
At Nimbus, we protect our clients' emails with software that can detect and spot phishing attempts before they reach your inbox. If you would like to find out more about how we can protect your email systems, please contact our team today!