Phishing Best Practices

Did you know 91% of all data breaches begin with a phishing email?

Phished and spoofed email messages are designed to trick you into clicking on a malicious link or attachment or revealing private information and passwords.
The messages appear to be from known senders. Senders can spoof their email address to trick you into thinking the email was sent from someone you know or a brand or vendor you commonly work with.
Phishing emails often bypass the spam filter because the body of the message does not contain malicious software and the sending address is a valid email address.


NEVER

Enter your email or any password when directed by an email link or attachment. Be cautious of document sharing links such as:

  • OneDrive
  • Google Drive
  • Dropbox

You should never need to enter your email password to access data that is shared with you. This is the most common way for a hacker to get access to your mailbox. Always VERIFY that the shared document is valid by phone, not by email.

 

NEVER

Click on links or attachments if the email is not requested or explicitly expected, regardless of the sender. Always VERIFY BY PHONE, not by email. The hacker is on the other side of your reply.

 

NEVER

Click on links or attachments from emails with scare tactics or statements of urgency.

 

NEVER

Click on links or attachments from ANY vendor or prompt for a software update. Organizations commonly used include:

  • FedEx
  • UPS
  • Airlines
  • Banks
  • Adobe
  • Microsoft

Go to a browser and manually navigate to the desired website, log in and confirm the information. For shipping tracking, go directly to the site and copy/paste the tracking number for confirmation.

 

NEVER

Click on a link, download an attachment or enter your password on alert emails from software providers, such as Microsoft, Dell or Anti-Virus providers.

They will NOT notify you of an incident by email. (For example: Outlook/email warnings, Windows update warnings, virus warnings, etc.)

 

NEVER

Accept social media invitations from the email link (Facebook, LinkedIn, etc.). Go directly to the site and accept the invitation.

 

NEVER

Trust the displayed sender's name, even if it is from a colleague. Be aware of clever schemes that include links or attachments, or that ask for money or confidential information. Always VERIFY by phone, not by email.

 

Contact Dynamic Quest to learn more about the best cybersecurity solutions your organization can implement to protect itself from damaging phishing schemes.
