The global pandemic has led to the historic transition to remote work. According to Gartner, once COVID-19 was declared a global pandemic, 88% of companies worldwide either made it compulsory or persuaded their employees to work from home. Unfortunately, this has also resulted in a rise in cybercriminals committing email phishing attacks. The numbers have been record-breaking, with 85% of all organizations being hit by a phishing attack at least once. 96% of those attacks were intended to gather intelligence, according to SecurityBoulevard.com.
Cybercriminals are becoming more persistent and evolving to take advantage of most companies' lack of preparedness to shift to work-from-home setups. Therefore, it’s crucial to be vigilant and equip your employees with the tools, technologies, and knowledge for avoiding email phishing attacks. Here’s how:
Hover over links before clicking
Click wisely. Phishing emails contain malicious links that will lure you into providing the personal information that cybercriminals are after, such as usernames, passwords, and credit card numbers. Fortunately, there are many clues to help you identify if the email source is legitimate, and hovering over hyperlinks is one of your best defenses.
Before even opening the questionable email, you can hover your mouse cursor over the email in your inbox, and you will see the sender. Does the email address appear legitimate? More importantly, hover over the hyperlink within the email to see where the link leads.
Investigate the email’s source
Opening an email doesn’t automatically make you a phishing victim or expose you to email threats; however, clicking links that take you somewhere else and dupes you into filling out sensitive information does. So before clicking on links within the email, check where the link is meant to lead based on the sender’s email address. If the site seems suspicious because it doesn’t appear to be the address of the actual website, open a separate tab and visit the URL. Company spelling variations or unlikely domain names are some red flags to look out for.
Verify the URL’s security by checking if there’s a closed lock icon in the address bar. Also, try searching for the website of the company the email is supposedly from. Make sure to do your research using a reliable search engine and not the information provided in the suspicious email.
Stay on top of new phishing techniques and email protection technologies
Cybercriminals are constantly evolving as they analyze email users’ behaviors and what phishing techniques have higher chances of success. They’re also showing no signs of slowing down. According to Google, within a few months, since COVID-19 began, there was a 350% surge in phishing websites.
To protect your organization, you need to stay updated on the latest phishing strategies. In the past few years, some of these phishing emails have included emails that look like they came from a federal body, a friend, an online shop, a contest, your bank, or a familiar company.
You also need to arm your organization with an email security system equipped with anti-fraud, anti-spoofing, and anti-leakage mechanisms and technologies. Look for a platform with real-time detection that integrates seamlessly with your email system.
Contact us for a robust email security solution with a high operationalisation level that will protect you in 2021 and beyond.