It’s critical that employees know how to identify a phishing attack. When they spot an attack before its payload is delivered, whether that payload is malware or a credential-harvesting page, they help avoid data or financial loss. And even if a phishing attack succeeds, a prompt report can let the security team eliminate or contain the threat before much damage is done.
Identifying the signs of a phishing attack, either attempted or executed, is not a skill you learn overnight. Phishing attacks vary in nature and sophistication; they evolve over time. That’s why phishing awareness training should be ongoing and frequently refreshed.
Rule #1 of How to Identify a Phishing Attack
Rule #1 of how to identify a phishing attack: every email you receive is a potential threat. It doesn’t matter if the (supposed) sender is known to you, or even if the incoming email is a reply to one you’ve sent. If it contains a link or an attachment, asks for confidential information, or is written to appeal to your sense of curiosity, sympathy, fear or greed, treat it with suspicion.
Email scammers are experts at creating “lookalike” email accounts and bogus domain names: a registered domain one character away from yours, a confusable character such as the digit 1 in place of a lowercase l, or your real domain name buried inside a longer hostname the attacker controls. Others use social engineering to gather personal information, trick the individual into revealing the login credentials of their email account, and then send phishing emails to everyone on that contact list. When this happens inside a business the fallout can be dire, because the messages now come from a genuine account and sender-based checks pass.
Many of the “tips” for identifying a phishing attack are less useful than they sound, because each one catches only a subset of attacks. Tracing an email’s headers will reveal nothing wrong if the email originates from a compromised company email account, since it was sent by the legitimate mail server. Hovering your mouse over a link may not reveal an attack if the URL has been well disguised, for example with a lookalike domain or with the target’s real domain name used as a subdomain of an attacker-controlled one. And if neither the sender nor the recipient of an email is strong on spelling, how are you supposed to tell whether it contains unusually poor grammar?
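The sender and link checks discussed above can be automated. The following is an added example, not code from the original page or from Cofense: it folds confusable characters, measures edit distance against an allow-list of trusted domains, catches a trusted name buried inside a longer attacker-controlled hostname, flags a Reply-To domain that differs from the From domain, and compares each link’s visible text with its real href. The sample message, its addresses and the TRUSTED_DOMAINS allow-list are constructed for the example and are not real infrastructure. As the text notes, none of this helps when the mail comes from a genuinely compromised account, so it supplements Rule #1 rather than replacing it.

```python
# Added example (not from the original page): lookalike-sender and disguised-link
# checks over a constructed phishing message. Domains and addresses are assumptions.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this organisation treats as its own (assumption for the example).
TRUSTED_DOMAINS = {"example.com", "payroll-example.com"}

# Substitutions attackers use to build confusable names (not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain):
    """Fold common confusable characters so 'examp1e.com' compares as 'example.com'."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def levenshtein(a, b):
    """Edit distance: single-character insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain `domain` impersonates, or None if it is trusted or unrelated."""
    domain = domain.lower()
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return None  # the trusted domain itself, or a genuine subdomain of it
    folded = normalize(domain)
    for t in trusted:
        if t in domain:  # trusted name embedded in a longer host, e.g. example.com.evil.net
            return t
        if folded == t or levenshtein(folded, t) <= 2:  # threshold tuned for short names
            return t
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def host_of(text):
    """Hostname of a URL or bare domain such as 'example.com/reset'; None if not URL-like."""
    text = text.strip()
    if not URL_LIKE.fullmatch(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower() or None


def analyze(raw_message, trusted=TRUSTED_DOMAINS):
    """Return human-readable findings for one RFC 5322 message (headers plus HTML body)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    target = lookalike_of(from_dom, trusted)
    if target:
        findings.append(f"sender domain {from_dom!r} looks like {target!r}")
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    for part in msg.walk():  # walk() handles both single-part and multipart messages
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        collector = LinkCollector()
        collector.feed(html)
        for href, text in collector.links:
            real_host = (urlparse(href).hostname or "").lower()
            shown_host = host_of(text)
            if shown_host and real_host and shown_host != real_host:
                findings.append(f"link text shows {shown_host!r} but points at {real_host!r}")
            else:
                target = lookalike_of(real_host, trusted) if real_host else None
                if target:
                    findings.append(f"link host {real_host!r} looks like {target!r}")
    return findings


# Constructed sample: a credential-reset lure from a lookalike sender.
SAMPLE = """\
From: IT Helpdesk <helpdesk@examp1e.com>
Reply-To: support@secure-mail-reset.net
To: alice@example.com
Subject: Urgent: your password expires today
Content-Type: text/html

<html><body>
<p>Your password expires in 2 hours. Reset it now:</p>
<a href="http://example.com.account-verify.net/reset">https://example.com/reset</a>
<p>Or read the policy at <a href="https://example.com/policy">example.com/policy</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("-", finding)
```

Running it against the constructed sample yields three findings: the sender domain examp1e.com folds to example.com, the Reply-To domain differs from the From domain, and the first link displays example.com while pointing at example.com.account-verify.net; the second link is genuine and stays quiet. Tune the edit-distance threshold to your domain length (a threshold of 2 on a three-letter domain matches almost anything), and a real deployment would compare registrable domains rather than full hostnames.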
Identifying the signs of a phishing attack is difficult, and the examples provided so far are just the tip of the iceberg. Remember Rule #1 of how to identify a phishing attack: every email you receive is a potential threat. If you get an email you are unsure about, check its validity by phoning the (supposed) sender, using a number you already have rather than one given in the email, since the attacker controls everything in the message. If that’s not possible, say something to somebody in a position of authority, preferably a member of the IT or security team. And if you have already clicked on a malicious URL or opened an infected attachment, say so quickly. It may not be too late to prevent a malware infection or to lock out a stolen credential.
Why Phishing Training Needs to be Comprehensive
The hardest part of phishing training is building a business culture of openness and awareness. Mistakes happen, and an employee who fears blame will hide a click rather than report it, which costs the security team the minutes that matter most. Effective phishing training helps employees identify, report and mitigate phishing attacks through continuous awareness training and informative reporting.
Signs that a Phishing Attack has been Executed
If, despite all your care, you click on a malicious URL, open an infected attachment, or inadvertently disclose your login credentials, you are unlikely to know straight away that malware has been deployed on your computer. The usual exception is ransomware. Commodity ransomware delivered directly by a phishing attachment wastes very little time scanning your computer’s drives and any connected shares for files to encrypt, and within minutes you will likely see a message on your screen demanding a ransom. Human-operated ransomware behaves differently: the phishing email delivers only a foothold, and encryption may follow days or weeks later, which is why reporting a suspicious click matters even when nothing visible happens.
If this happens, immediately report the ransomware to a person in authority or your IT team, and disconnect the machine from the network (unplug the cable or turn off Wi-Fi) without powering it off, so the malware can no longer reach shared drives and evidence in memory is preserved. Depending on the ransomware variant, it may be possible to decrypt the locked files with a published decryptor, or a recent backup of your data may exist to restore onto your computer. Either way, speed is of the essence, not only because many ransom demands are time-sensitive, but because swift action by the IT department may prevent the ransomware from spreading throughout the network.
For other kinds of malware, which do not announce themselves, it’s still possible to identify a successful phishing attack from changes in the behavior of your computer. A changed home page or default search engine can indicate a spyware or browser-hijacker infection. Advertising pop-ups might point to adware, and if your computer starts to slow down or programs crash more often, a full antivirus scan can detect the problem and perhaps trace it to a phishing email as the source. None of these signs is conclusive on its own, so report them rather than trying to self-diagnose.
Of greater concern: inadvertently disclosing your login credentials, because no malware is needed and nothing on your computer changes. In this case, it’s again important to tell a person in authority or your IT team immediately. The password can be changed quickly and the disclosed credentials retired, so the information you provided to the cybercriminal becomes worthless. The IT team should also revoke any active sessions and tokens, since a password change alone does not always end a session the attacker has already opened, check the mailbox for forwarding or deletion rules the attacker may have added, and make sure multi-factor authentication is enabled on the account. Expect the cybercriminal to try again for the new credentials, but this time you’ll be better prepared.
Be Better Prepared before a Phishing Attack with Cofense
Of course, it’s better to identify a phishing attack before its payload is delivered. Cofense can help with that. We’ve developed an intelligence-driven phishing defense solution that enhances awareness of phishing attacks. Our solution conditions users to be less susceptible to phishing and lets employees report suspicious emails with the click of a button. Your IT department can then prioritize alerts based on each user’s “conditioned rating,” that is, how well they have performed in simulations.
The Cofense platform integrates seamlessly with existing security and event management systems, or can be used as a stand-alone solution. The platform includes interactive phishing simulations which you can customize to your security needs, industry sector and compliance requirements. It also connects with a human-vetted threat intelligence service that helps your security team identify a phishing attack faster.
Train your employees to identify a phishing attack before its payload is delivered. Contact us and request a free Cofense demonstration. Cofense is proven to reduce susceptibility to phishing emails by up to 95% and protects more than 1,000 enterprises worldwide. Thanks to us, more than 24 million users know how to identify a phishing attack and respond effectively. Shouldn’t yours?