Cybercriminals are not a joke, but the way ‘hacking’ is depicted in movies and TV shows is laughable. These criminals are not sitting in a dimly lit basement, actively trying to breach your firewall. More often, they are sending out malware-filled emails to thousands of addresses hoping a few recipients will click on a bad link.
Your employees are a favorite target of cybercriminals, specifically their inboxes. Email is a preferred attack vector for cybercriminals and email security should be a top priority to keep your data safe. One of the most popular attacks ends with a user clicking a bad link in an email. These links typically install malware or redirect the user to a website that is infected.
So, what can you do to stay safe?
Unfortunately, there is no black and white to spotting a bad link. But there are some basic guidelines that can keep you from falling prey to these kinds of scams.
Where does the link go? – This is the easiest way to avoid a bad link.
Just because the link says www.americanexpress.com, does not actually mean that is where it will take you. You can hover your mouse over most links and you will see the genuine destination in a pop up box or in the bottom corner of your browser. If the link and destination do not match, do not click. If you feel like the link is legitimate, you can always type in the URL manually to confirm you are directed to the proper site, just in case.
Who sent it? – Start off by asking if you are familiar with the sender of the email. Make sure you look at the actual sending address and not just the display name. The display name can be easily changed to make the scam more believable. Even if you are familiar with the sender, this does not mean everything they send can be clicked.
Why did they send it? – Let’s say that the email came from a colleague. Were you expecting it? There is a chance that their email has been compromised and the attacker is using their account to further the ruse. It is worth the extra minute to email, text or call your co-worker to validate the email and its contents.
What do they want? – Other than infecting your computer, these scams also try to steal your passwords. Any email asking for your personal information should be thoroughly scrutinized. Look at the body of the message for misspellings or bad grammar. These errors are very typical in scam emails.
If you are still uncertain after following these guidelines you should reach out to your IT Department to assist in validating the email, links and attachments.