Now that most of us have been back at work for a while, I thought it would be a good idea to go through some of the things we should all be paying attention to, whether we’re working at home or working in the office. The fact of the matter is that it doesn’t matter where you are. If you have access to your e-mail, there is a good chance that a phishing e-mail will find its way into your inbox. It pays to be ready and to know what to look for.
1) Check the e-mail – Most e-mail clients will allow you to see the actual e-mail address of the person who is sending you the e-mail. This is important because if you’re expecting a big e-mail from your boss and one comes in with his or her name on the “from” line, but the e-mail address is not correct, then it’s a phishing e-mail. The address being shown may be completely wrong, like a numbered Gmail account instead of the corporate e-mail address the person would typically use. It’s essential to pay attention because some phishing e-mails will show up with what looks like the person’s legitimate address but with a .org extension instead of the .com that they actually would use. This and other small changes to the original legitimate address could show that it’s a phishing e-mail. It takes 2 seconds to check, and for sure, you will be able to spot any differences should they show up.
2) Check the Grammar – I’ve talked before about how sometimes you will get phishing e-mails that are easy to spot because the message being conveyed is tough to understand. The reason for this is that the e-mail is likely being written in another language and then run through Google Translate into English. This means that there will be words in the wrong places or just wrong words being used. This indicates a phishing e-mail.
3) Check the aggression – A lot of the time, phishing preys on the fact that we all are very busy people. We all have a finite amount of time, and we need to focus on things that matter. Because of this, some phishing e-mails will get very aggressive with their language. Not rude per se, but they will try to scare you into doing as the e-mail says. Things like “IF YOU DON’T CLICK THE LINK THEN YOU E-MAIL WILL BE COMPROMISED!!!!” or “IGNORING THIS E-MAIL WILL RESULT IN PRISON AND A FINE!!!!” These scare tactics are designed to grab your attention quickly and scare the daylights out of you, so you’re willing to do whatever is being asked. DO NOT FALL FOR IT!!!
4) CALL the person – Spam e-mails can go out 24/7/365, but there is no confirmation more legitimate than actually talking to the person and asking if they just sent you an e-mail. I want to make an important distinction here. Calling the person is a great way to make contact. E-mailing them back is not. If the person’s e-mail has been compromised, then if you e-mail them, it’s entirely possible that the person you’re e-mailing is the hacker, and not the person. Picking up the phone and speaking to the person is a great way to validate an e-mail because if they didn’t send it, it also lets them know that their system may have been compromised. I have never come across a situation where if I were to call a person and ask if they’d sent me an e-mail, they would get frustrated with me.
5) When in doubt, delete – The simplest of all solutions. When working at home, working in your office, or going through your personal e-mail, there is no security like simply deleting the e-mail. As part of this, I would also advise looking into your e-mail client’s settings and seeing if you can auto-delete anything in your e-mail trash after some time. Getting entirely rid of the offending e-mail gives you peace of mind, if nothing else, knowing that the phishing e-mail isn’t just sitting in your trash.
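Check 1 above can also be written out as a small script and run against the "From" line of a saved message. This is an added example, not part of the original post; the address book, the webmail list and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed address book: display name -> the corporate address that person really uses.
KNOWN_SENDERS = {"dana smith": "dana.smith@example.com"}
# Assumption: a short illustrative list of free webmail domains.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def check_from_header(from_header, known=KNOWN_SENDERS):
    """Return a list of warnings for one raw From: header value."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["no usable address in From header"]
    # Normalise case and spacing so "DANA  SMITH" still matches the address book.
    expected = known.get(" ".join(name.lower().split()))
    if expected is None or addr == expected:
        return []  # unknown name (nothing to compare) or the address is the real one
    warnings = ["display name matches a known contact but the address differs"]
    local, domain = addr.rsplit("@", 1)
    exp_domain = expected.rsplit("@", 1)[1]
    # Same company name, different ending: example.org instead of example.com.
    if domain != exp_domain and domain.rsplit(".", 1)[0] == exp_domain.rsplit(".", 1)[0]:
        warnings.append(f"domain differs only in its ending: {domain} vs {exp_domain}")
    if domain in FREE_MAIL:
        warnings.append(f"free webmail account instead of {exp_domain}")
        if any(ch.isdigit() for ch in local):
            warnings.append("numbered account name")
    return warnings


if __name__ == "__main__":
    # Constructed sample From: lines, not taken from real messages.
    samples = [
        "Dana Smith <dana.smith@example.com>",
        "Dana Smith <dana.smith@example.org>",
        "Dana Smith <dsmith48213@gmail.com>",
    ]
    for header in samples:
        print(header, "->", check_from_header(header) or "looks consistent")
```

A clean result only means the visible address matches the one on file; it says nothing about whether that person's account has been compromised, which is what the phone call in step 4 is for.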
It doesn’t matter if you’re working from home or if you’re working in an office. Phishers are now and have always been everywhere. There is no app, no piece of software, and no anti-virus that will work better at defeating possible phishing attacks than the person sitting in front of the computer (that would be you). It is critical that you, as a user, are both knowledgeable and vigilant about what e-mails get into your inbox and what gets clicked on. If you are active and sharp and always on the lookout, you will likely not fall victim to one of these attacks. If you are lazy and don’t pay attention, who knows what could happen.
Have you seen any phishing e-mails lately?
Let me know in the comments section below. If you like this blog post and want to see more, you can follow me on Social Media (LinkedIn, Twitter, Instagram, and Facebook @jasonlovefiles) or Subscribe to my blog to get new content delivered directly to your mailbox.