Phishing attacks are nothing new. Despite the availability of all advanced detection technologies and secure email gateways, phishing is a security problem that technology has not solved.

Attack groups continue to successfully infiltrate large organizations. Many security and risk experts agree that humans play an important role in stopping attackers before they can gain a foothold.

Phishing is an email attack that attempts to steal sensitive information from messages that appear to come from legitimate or trusted senders.

There are specific phishing categories. for example:

 - Spear phishing uses targeted, customized content specifically tailored to the target recipient.

 - Whaling is directed at executives or other high value targets within an organization for maximum effect.

 - Business email compromise (BEC) uses fake trusted senders (financial officials, customers, trusted partners, etc.) to trick recipients into authorizing payments, transferring money, or divulging customer data.

 - Ransomware that encrypts data and demands payment to decrypt it almost always starts with a phishing message. Anti-phishing protection doesn't help decrypt encrypted files, but it helps detect the initial phishing message associated with a ransomware campaign.

 Learn more about recovering from ransomware attacks

Some important Ways to Spot Phishing Email

1. Emails Demanding Urgent Action

Attackers often use urgent action to rush recipients into action before they have had the opportunity to study the email for potential flaws or inconsistencies.

2. Emails with Bad Grammar and Spelling Mistakes

Many companies apply spell-checking tools to outgoing emails by default to ensure their emails are grammatically correct.

3. Emails with an Unfamiliar Greeting or Salutation

Emails exchanged between work colleagues usually have an informal salutation. Those that contain phrases not normally used in informal conversation should arouse suspicion.

4. Inconsistencies in Email Addresses, Links & Domain Names

Another way to spot phishing is by looking for discrepancies in email addresses, links, and domain names. And make sure that the emails you have received are from reliable sources that you constantly deal with. if so, compare the sender's address with previous emails from the same organization or source.

5. Suspicious Attachments

Most work-related file sharing today is done through collaboration tools like SharePoint, OneDrive, and Dropbox. Therefore, internal emails with attachments should always be treated with suspicion; especially if the extension is unknown or is often associated with malware (.zip, .exe, .scr, etc.).

6. Emails requesting login information

Emails from unexpected or unknown senders requesting login credentials, payment information, or other sensitive information should always be treated with caution.

Additional way to find out how ready your employees are:

you can depend on Cofense PhishMe which is a SaaS threat awareness training and escalation platform that train, empower and coordinate employee’s awareness of phishing attempts by exposing them to realistic threat simulations to test your employees' security awareness.

https://www.ctelecoms.com.sa/en/Blog452/Phishing-is-becoming-increasingly-common-and-more-sophisticated.-Cofense

Fortunately, there are many excellent solutions for filtering malware, improving authentication, educating users, and blocking suspicious incoming messages. This has helped reduce risk.

However, phishing emails are usually sent to provoke emotions such as curiosity, sympathy, fear, and greed. When employees recognize these characteristics and are taught what to do if a threat is suspected, they will be able to recognize phishing emails and prevent attackers to infiltrate networks.

Ctelecoms can expertly utilize PhishMe to help Saudi companies of all sizes and industries to dramatically reduce the risks of phishing and related attacks caused by human error - while also giving users the skills and awareness to spot and report threats.

Start your free PhishMe trial today!