Phishing remains one of the most common types of cybercrime, according to CERT NZ. Cybercriminals took advantage of New Zealand, with phishing and credential harvesting reports increasing 26% from Q2 2023, as reported by CERT NZ.
As cyber criminals get more savvy in the art of deception, these emails are getting harder to recognise. They are no longer desperate requests for money or a plea from an offshore prince. They are simple messages with a simple objective – to get you to click or respond.
Email is a key channel that cyber criminals can use to compromise your or your employer's sensitive data - and bank account. It's time for us to treat it as such by analysing every email received to catch phishing attempts. After practice, it will become second nature.
Here are a few tips to follow to take back our inboxes:
Check who it's from
Be wary of an email if:
- It's new to the inbox party – not someone you normally communicate with
- It's not related to your normal job responsibilities
- The from address is the name of someone in your organisation but something looks off such as the format or the domain (@Sharp.support.co.nz vs. @Sharp-support.com)
Check the 'To' field
Suspect an email that:
- You were cc'd on and you don't know the other people it was sent to;
- Has you as part of a group that you've never seen before or doesn't apply to your job, i.e., you are in sales but the group name in the To field is "HR-Benefits" or "Sharp-Finance";
- Is sent to a random assortment of people at your company, for instance a group that has last names that start with the same letter.
Check the date field
If Bob sent you an email at 4:00 am, and you know he's not a morning person, it could be a phishing email.
Check the subject line
Subject line indicators of a phishing email would be:
- It sounds strange or doesn't match what you'd usually read from this person;
- It does not match the message content;
- It's a RE: to an email that you never sent or requested;
- It's something unrelated to your job function.
Examine the message before clicking any links
The email is probably spam if:
- The sender is asking you to click a link or open an attachment to find out more information;
- The email body has terrible grammar and spelling errors;
- The email body contains almost no information, and they are trying to bait you to respond;
- The sender is asking you for sensitive personal information that you were not expecting.
Inspect the hyperlinks
The email is most likely phishing if:
- You hover your mouse over the link in the email and it shows a different website;
- The body of the email is mostly the hyperlink or only a hyperlink;
- The hyperlink is a misspelling of a well-known website like www.bankofnewzealand.co.nz instead of www.bnz.co.nz.
Inspect attachments before opening
After examining the above aspects of the email, think about the attachment.
- If you weren't expecting the attachment or it doesn't make sense, do not open it;
- If it's a weird filetype, do not open it.
The most common types of malicious files attached to phishing emails are:
- Script files (.wsf)
- Windows executables (.exe)
- Office documents (.docx/.xlsx/.pptx)
- PDF documents (.pdf), followed by compressed archives (.ZIP, etc.) and batch files.
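The sender, hyperlink and attachment checks above can also be run by a mail filter or a reporting tool. The sketch below is an added example, not part of the original article or any Sharp product; `ORG_DOMAIN`, `STAFF_NAMES` and the message built in `constructed_sample()` are assumptions made up for illustration, and it expects a message that has a From header.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"            # assumption: your organisation's mail domain
STAFF_NAMES = {"bob smith"}           # assumption: display names of real colleagues
RISKY_EXT = (".wsf", ".exe", ".bat")  # script, executable and batch types from the list

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL, or of bare link text like "www.example.org"
    name = urlparse(value if "://" in value else "//" + value).hostname or ""
    return name.lower().removeprefix("www.")

def red_flags(raw):
    msg, flags = message_from_string(raw, policy=policy.default), []
    sender = msg["From"].addresses[0]
    if sender.display_name.lower() in STAFF_NAMES and sender.domain.lower() != ORG_DOMAIN:
        flags.append("colleague's name on an outside domain: " + sender.domain)
    body = msg.get_body(preferencelist=("html",))
    links = Links()
    links.feed(body.get_content() if body is not None else "")
    for href, text in links.found:  # only compare when the visible text looks like a site
        if "." in text and " " not in text and host(text) != host(href):
            flags.append(f"link shows {host(text)} but opens {host(href)}")
    flags += ["risky attachment: " + p.get_filename() for p in msg.iter_attachments()
              if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
    return flags

def constructed_sample():  # constructed test message, not a real phishing email
    m = EmailMessage()
    m["From"] = "Bob Smith <bob@example-com.test>"
    m.set_content('<a href="http://example.net/login">www.example.org</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="invoice.wsf")
    return m.as_string()
```

Calling `red_flags(constructed_sample())` returns one entry per failed check; an empty list only means none of these three checks fired, not that the email is safe.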
While we can't stop hackers from using phishing to gain access to our systems, we can make sure that our organisations and staff are well-informed and practiced in the art of catching a phishing email.
Always be on alert, especially if you receive an email that you are not expecting. Never reply to suspect emails but rather report them to your IT department if the email fails even one of the above warning signs. Download a printable sheet of these red flags for your desk as a reminder.