Even though April Fools’ Day is just one day of one month on the calendar, cybercriminal activities never stop. You need to keep your guard up every day of the year to avoid falling victim to phishing attempts. The best way to do it, particularly in the month of April Fools’, is by recognizing the real fools and their phishing. This way, the joke is on them, not you. Here, we share a few anti-phishing best practices to combat phishing in your organization.
Double-Check the Website Address (URL)
Cybercriminals often create spoofed URLs that closely resemble the address of a legitimate website. Make it a habit to inspect any email link by hovering your mouse pointer over it before clicking. This is especially crucial if the URL is embedded within text or a graphic that says, “click here.”
Double-Check the Email Address
When receiving an email requesting you to do something — for example, provide login credentials, pay money, secure your account, renew a subscription, etc. — take a closer look at the sender’s email address. The email may look like an official address from the person or company they are claiming to be, but in reality, it doesn’t contain their official domain (the portion of an email after the “@”). Email addresses such as “firstname.lastname@example.org” or “email@example.com” are most certainly malicious emails.
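The two checks above (where a link really goes, and whether the sender uses the official domain) can also be run automatically over a message. The following is an added example, not part of the original article; the `trusted_domain` parameter, the single-part HTML body and all domains in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
SAMPLE = """\
From: "Example Billing" <billing@example-billing.test>
Content-Type: text/html

<p>Sign in at <a href="http://login.example.net/renew">www.example.com</a>
or <a href="http://example.com.account.test/pay">click here</a>.
Questions? See <a href="https://www.example.com/help">our help page</a>.</p>
"""  # constructed sample (reserved example domains), not from the article

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"  # </a> ends text capture

def shown_host(text):  # host the link text names, if the text is a URL or bare domain
    m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text.lower())
    return m.group(1).removeprefix("www.") if m else None

def same_site(host, domain):  # exact match or a true subdomain, never a lookalike
    return host == domain or host.endswith("." + domain)

def check_message(raw, trusted_domain):
    """Findings for one single-part HTML message; trusted_domain is the official domain."""
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not same_site(sender, trusted_domain):
        findings.append(f"sender domain {sender} is not {trusted_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        target = (urlparse(href).hostname or "").removeprefix("www.")
        expected = shown_host(text.strip()) or trusted_domain
        if target and not same_site(target, expected):
            findings.append(f"link '{text.strip()}' goes to {target}, not {expected}")
    return findings
```

Calling `check_message(SAMPLE, "example.com")` flags the sender and the first two links and leaves the genuine help link alone; the second link shows why the comparison is made on the end of the host name rather than on whether the official domain appears somewhere in it.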
Beware of Urgency
Cybercriminals know that unwitting victims are more likely to respond to something if there’s a sense of urgency or need for immediate action. When an email message requires you to respond right away with an immediate decision — often with thinly veiled threats or repercussions — stop yourself from reacting. Take a closer look at the email. In most cases, there’s no reason to respond immediately. Be suspicious of email messages or phone calls that claim any degree of urgency.
Dream Offer Phishing
As the saying goes, if it’s too good to be true, it probably is. This is a common tactic employed by cybercriminals. They present you with a highly enticing offer, such as a sizeable refund, an enticing loan or investment opportunity, or even bargain basement “exclusive” prices on otherwise very expensive products and services. Then, to take advantage of this “one-time” offer, all you need to do is reply with your personal information or perhaps sign into a website and provide a vast amount of data. These types of phishing scams are usually quite elaborate and convincing, so make sure to hit the pause button and think before you accept any dream offer.
Utilize Anti-Phishing Training to Teach Employees Best Practices for Preventing Phishing Attacks
As a leader in behavior change for over 30 years, GLS delivers anti-phishing training in an interactive, scenario-based format, with gamification and achievement elements, to engage users. Our anti-phishing training and phishing simulation foster positive behaviors using the right balance of education, reinforcement, practice and rewards to help protect your organization’s sensitive information from phishing campaigns. Contact us today to learn more about phishing prevention.