Train Employees to Spot Nasty Phishing Email Tricks

Just one major data breach is enough to severely damage your company, so how are you training employees to handle potential threats from tricky hacker emails?

All it takes is one bad click and a hacker can be in your system, accounts or data. Hackers and scammers are now using tricky email tactics to create a backdoor into your system or accounts. The emails typically look genuine and trick your employees into clicking a link or opening an attachment that will create a massive security issue. Most commonly, the hacker will be asking for a ransom to restore the account or end the malware attack.

Many businesses aren’t able to bounce back from a cyberattack, with 60% of small businesses closing within 6 months of a breach. However, with proper training to spot phishing clues, you can avoid your employees being your biggest security threat.

Practice "Better Safe Than Sorry"

Employees are reporting suspicious emails on a regular basis in companies around the globe. Nearly all of the 660 companies surveyed by Barracuda Networks (94%) said employees were reporting emails they thought might be phishing. Over half of those emails (54%) were found to be safe and legitimate. Even so, this shows that it’s better to err on the side of caution and that the company culture should encourage these careful approaches. Better to have a false alarm than a breach that costs the company over $100,000 (the cost of a breach according to 2/3 of respondents).

  • Employees should double-check with the sender themselves (in person or over the phone) before opening an attachment they didn’t expect from another employee.
  • Suspicious or questionable emails (especially those with links, buttons or requests for information) should be flagged and checked by your IT team.
  • Trending hacker emails and fraudulent phishing ploys should be posted for employees to note.

The Information Doesn’t Seem Right

Many of these phishing attempts will look like they are from a company you recognize. They will use logos and tell you a made-up story to get you to click on a link or open the attachment included. They might even send an innocent-looking email probe first and follow up with the phishing email after getting a response from your employee. The emails might include unexpected stories:

  • They noticed suspicious log-in attempts or activity
  • A claim that there is a problem with your account or payment information
  • Confirmation of specific information is requested
  • A fake invoice is sent or payment is requested by clicking on a link
  • A coupon claim with an attachment or link

If the request is unexpected (even from a company you would normally trust, like eBay, Netflix or another company employee), it is always better to double-check. In some cases, this can be done by directly asking the person who sent it before opening up or clicking on anything. In other cases, you can double-check by logging into your account through a separate browser (not clicking the link!) and looking for a similar notice. For questionable attachments without the ability to verify, talk to your IT support team and let them have a look before opening it.

Note if the Language is Odd

One of the keys for spotting a phishing email is to note that the language is often a bit off. Hackers have moved past the Nigerian prince inheritance scam-style emails for the most part, but they still aren’t quite capable of truly professional language in most cases. Look for strange points in the email that could flag it as being slightly off.

If Netflix opens the email with “Hello Dear,” you may need to question everything in the email. If the “from” email address seems a little strange, question the email. Check the bottom signatures and links too, making sure the information lines up with what you would expect from that company. Look for typos or strange phrases, especially if a link button is included. These hacking emails often expect your employees to be so numbed to the daily barrage of email that they will click to get the task done without thinking twice about it.
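An added example (not part of the original article) of how an IT team might triage an email an employee has flagged, using the cues above: a sender address that does not match the company named in the display name, a "Hello Dear" greeting, and a link whose visible text differs from its real target. The sample message, the KNOWN_BRANDS table and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample of a reported message (not a real email).
SAMPLE = '''From: "Netflix Support" <billing@account-update.example>
Content-Type: text/html; charset="utf-8"

<p>Hello Dear,</p><p>There is a problem with your payment information.</p>
<p><a href="http://login.account-update.example/verify">https://www.netflix.com/account</a></p>
'''
# Assumption: brands your staff deal with and the domains they really send from.
KNOWN_BRANDS = {"netflix": {"netflix.com"}, "ebay": {"ebay.com"}}

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def host(value):  # lower-cased host of a URL or email address, minus "www."
    h = urlparse(value).hostname if "://" in value else value.rpartition("@")[2]
    return re.sub(r"^www\.", "", (h or "").lower())

def triage(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    for brand, domains in KNOWN_BRANDS.items():
        ok = any(host(addr) == d or host(addr).endswith("." + d) for d in domains)
        if brand in name.lower() and not ok:
            findings.append(f"sender: name says {brand}, address is at {host(addr)}")
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_type() == "text/html")
    if re.search(r"\bhello dear\b", body, re.I):
        findings.append("greeting: generic 'Hello Dear' opening")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        if re.match(r"https?://", text.strip()) and host(text.strip()) != host(href):
            findings.append(f"link: text shows {host(text.strip())}, target is {host(href)}")
    return findings
```

An empty result only means none of these three cues fired; it does not mean the message is safe.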

Take Extra Security Measures

While training your employees will be a key factor in safety, you may want to hire outside help or have an IT department that will keep employees regularly up to speed with best practices and safe policies. Along with solid training to spot hacker emails, you will want your IT department to protect your company from these attacks:

  • Audit your company to find weak spots or potential threats for a breach
  • Use the best and latest security software to stop any new security threats
  • Protect personal devices and smartphones with automatic updates for the software that provides critical protection against threats like these
  • Introduce multi-factor authentication in case a username or password is stolen (changing a password might require a text code sent to your personal phone to be entered as well)
  • Back up your data in case of a malware attack and have a plan for emergency situations

If you need a bigger Vermont IT services team with more resources, you can outsource your tech solutions with a managed IT services company. The right company will help you protect your company against attacks you can’t afford.