Data security: avoid email phishing in 4 steps

Safeguarding personal and company data involves both infrastructure and individual awareness. KeyStone Learning Systems shares this guide to protect against email phishing.

Data Security Tips for Companies

Data security is a big concern these days. Though it has to some extent always been an area of focus, there is no doubt that the digitalisation of data in all areas of business has meant that companies are now having to deal with an ever-increasing number of threats to their own, their employees’ and their clients’ information.

But dealing with these threats is not just about having the right infrastructure. It’s about individual awareness and ensuring that every person in an organisation knows how to take what are often simple steps to make their data, and hence the business, that much more secure.

So what knowledge does the average employee need to counter cyber attacks and ensure they don’t disclose private data to so-called cyber criminals? Well, a good first step is knowing how to handle one of the most well-known, but also one of the more common, forms of cyber attacks used today: email phishing. This involves fraudulent individuals disguising themselves as trusted service providers, such as banks or phone companies, or even as a person’s employer to try to lure them into disclosing their personal information.

Though these kinds of attacks are becoming increasingly sophisticated, security training provider KeyStone Learning Systems has pinpointed 4 key warning signs that will help you recognise email phishing attempts quickly and effectively.

1. Spelling and grammatical errors

These may be in the subject line and/or in the body of the email, and are often due to the fact that a good proportion of phishing emails aren’t written by native English speakers. This often results in spelling mistakes or poor sentence construction throughout, which is a clear sign that it may not originate from a trustworthy source.

Everyone makes spelling errors now and again, but would your bank or Facebook really send out an email without proofreading it first?

2. Urgent calls to action

Watch out for the exclamation marks and bold capital letters.

Often, phishing emails will try to create a sense of urgency by including calls to action such as "your account is being closed" or "action required immediately" to pressure users into thinking they need to respond as a matter of priority. These tactics are designed to create a sense of anxiety that makes you want to act to resolve the issue before really taking the time to think about it.

Though these calls to action may be more or less veiled, any request for you to enter your login details or reveal personal information should be treated with the right amount of suspicion. Remember: your service providers generally know who you are. They don’t need you to tell them, and they certainly don’t need you to give them your private credentials, especially if they are the ones emailing you in the first place!

3. Foreign email addresses or addresses that don’t belong to the service provider

If you bank with HSBC, for example, you would expect any email originating from them to have the correct domain name, i.e. person@hsbc.co.uk. You wouldn’t expect it to come from hsbc@yahoo.co.uk - you could have easily gone and created that email address yourself!

Similarly, it would be sent from the country that you live in and from a company that you know you use on a regular basis. Consequently, be wary of any messages coming from abroad or from providers that you don’t recall using – though this is relatively straightforward when we are thinking about a bank, it can become decidedly more difficult with other types of services.

4. Links and web addresses that don’t belong to the company

The email isn’t the most important part of the scam. What the person sending the email wants you to do is to click on a link that takes you to a fake version of a trusted website, where the personal details you enter end up in his or her hands.

So, a link is the first warning sign. The second is that, when you hover over that link, the address displayed doesn’t actually belong to the company that is supposedly sending you the email. Using the example above, a “Click here to resolve the problem” doesn’t take you to www.hsbc.co.uk but to www.hsbcscam.co.uk.
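Warning signs 3 and 4 can also be checked automatically, for example in a mail filter or a reporting tool. The following is an added example, not part of the original guide: it compares the sender's domain and every link's host with the domain the company really uses. The sample message is constructed from the article's own HSBC examples, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message, built from the article's own examples.
SAMPLE = """\
From: HSBC Security <hsbc@yahoo.co.uk>
To: customer@example.com
Subject: ACTION REQUIRED IMMEDIATELY
Content-Type: text/html

<p>Your account is being closed.</p>
<a href="http://www.hsbcscam.co.uk/login">Click here to resolve the problem</a>
<a href="https://www.hsbc.co.uk/help">Help</a>
"""

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def belongs_to(host, trusted_domain):
    """True only if host is the trusted domain or a subdomain of it.

    The match is anchored on a dot boundary, so a host that merely
    contains or starts with the trusted name does not pass.
    """
    host = host.lower().rstrip(".")
    trusted = trusted_domain.lower()
    return host == trusted or host.endswith("." + trusted)


def check_message(raw, trusted_domain):
    """Return (kind, host) pairs for sender and link domain mismatches."""
    msg = message_from_string(raw)
    warnings = []
    # Sign 3: the address in the From header is not on the company's domain.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not belongs_to(sender_host, trusted_domain):
        warnings.append(("sender", sender_host))
    # Sign 4: a link points at a host the company does not own.
    for url in HREF_RE.findall(msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not belongs_to(host, trusted_domain):
            warnings.append(("link", host))
    return warnings
```

The From header can be forged, so a matching sender domain only means this one sign is absent, not that the message is genuine.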

What next?

If you see any combination of the above:

  • Don’t click on the link(s);
  • Don’t provide any personal credentials;
  • If you have reason to think the message may be legitimate, manually insert the address of the company in your browser and/or contact them via your "traditional" channel of communication.
