How Can I Tell if an Email is a Phish
Spear phishers have many techniques at their disposal to fool not only you, but any email-filtering solutions your organization may have in place. When spear phishing attacks make it through your organization's defenses, it is up to you to identify them as potential threats.
To tell if an email is a spear phishing attempt, be aware of emails and messages that:
- Ask you to click on a link or open an attachment.
- Create a sense of urgency.
- Evoke strong emotions, like greed, jealousy, or fear.
- Request sensitive data.
Legitimate companies will not ask for passwords or other sensitive data via email.
Always check the URL of the site you are visiting. In many instances, a phishing email will direct you to an imitation website that appears legitimate, but attempts to steal your password or other sensitive data.
If you suspect that you have received a spear phishing email at work, follow our procedures for reporting it immediately.
According to Symantec, 1 in 2.3 organizations with over 2,500 employees were targeted by at least one spear-phishing attack in 2013. With these odds, it’s not unlikely that a suspicious email might be a phishing attempt.
It’s much easier for a cyber-criminal to obtain access to your systems by obtaining legitimate credentials than to hack into it using blunt tactics. In fact, according to the 2013 Verizon Data Breach Investigations Report, “76% of network intrusions exploited weak or stolen credentials;” the report also indicates that 40% of attacks incorporate malicious software, like keyloggers, which can be used to obtain that same information.
This is important because your credentials are exactly what spear phishers are trying to obtain when they encourage you to click a link, download an attachment, or input sensitive information. Using your credentials, they can do damage your organization in a number of ways, such as stealing intellectual property, encrypting and holding your files for ransom, or logging into financial accounts.