Years of security training have revealed a concerning pattern: traditional training often fails to prevent scams. Even experienced IT professionals fall victim to sophisticated phishing emails. However, there's a proven defense strategy—teamwork.
Let’s look at a scenario!
The Scenario
You receive an email from "IT Team" instructing you to use the embedded link to reset your email password. You've never received one of these emails before, but it looks legitimate. What should you do?
Before taking any action: grab a nearby team member and ask them to review the email with you using the Five-Question Check below.
The Five-Question Check
Work through these questions together:
- Is the email requiring urgent action? "Your account will be closed in 24 hours" or "Payment failed - update immediately".
- Is the email about a password, money, or some other private matter? Is the request unusual?
- Is the person who sent the email a stranger or do they send it from a free email service such as hotmail.com or gmail.com?
- Is this an unexpected email? For example, hearing from Centrelink when you've never dealt with them before?
- Does the email message have grammatical or spelling errors?
Link red flags:
- Mismatched domains: the email claims to be from PayPal but the link goes to paypa1-secure.net
- Numbers (IP addresses) instead of text domain names: http://192.168.1.1/login
- Suspicious subdomains from the wrong country or company: microsoft.com.verify-login.ru
- Shortened URLs: bit.ly/xxxxx or tinyurl.com/xxxxx (these hide the real destination)
- Extra or substituted characters: paypa1.com (number 1 instead of letter L)
Having completed these steps, you would be highly suspicious of this emailed request.
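The link red flags above can be turned into a mechanical first pass that a reviewer runs before clicking anything. The following checker is an added example, not code from the original article: it assumes a small constructed list of URL shorteners, a constructed mapping of brand names to the domains those brands really use, and a crude "last two labels" approximation of the registrable domain (production code should use the Public Suffix List). It flags IP-address hosts, shortener domains, brand names buried in a subdomain of some other domain, digit-for-letter lookalikes, and a mismatch between the brand the email claims and where the link actually goes.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed list of URL shorteners for this example; extend as needed.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Constructed mapping: brand name -> domains the brand legitimately uses.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "live.com", "outlook.com"},
}

# Digits that commonly stand in for letters in lookalike domains (paypa1 -> paypal).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation of the registrable domain.
    Good enough to show the idea; real code should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_red_flags(url: str, claimed_brand: str = "") -> list:
    """Return a list of human-readable red flags for a link found in an email.
    claimed_brand is who the email *says* it is from (may be empty)."""
    flags = []
    # Links in emails often lack a scheme; add one so urlparse finds the host.
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["no host name in URL"]

    # Red flag: numbers (an IP address) instead of a text domain name.
    if is_ip_literal(host):
        flags.append("host is an IP address, not a domain name")
        return flags

    reg = registrable_domain(host)

    # Red flag: shortened URL hides the real destination.
    if reg in SHORTENERS:
        flags.append(f"shortened URL ({reg}) hides the real destination")

    # Red flag: a brand name appears in the host, but the domain is someone else's
    # (microsoft.com.verify-login.ru), or the brand is spelled with digits (paypa1.com).
    normalised_host = host.translate(HOMOGLYPHS)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in normalised_host and reg not in legit:
            if brand in host:
                flags.append(f"'{brand}' appears in host but the domain is actually {reg}")
            else:
                flags.append(f"lookalike of '{brand}' using digits for letters: {reg}")

    # Red flag: the email claims one brand but the link goes somewhere else.
    if claimed_brand:
        legit = BRAND_DOMAINS.get(claimed_brand.lower(), set())
        if legit and reg not in legit:
            flags.append(f"email claims {claimed_brand} but link goes to {reg}")

    return flags


if __name__ == "__main__":
    # The article's own examples, plus one genuine link for contrast.
    samples = [
        ("http://paypa1-secure.net/login", "PayPal"),
        ("http://192.168.1.1/login", ""),
        ("microsoft.com.verify-login.ru", ""),
        ("bit.ly/xxxxx", ""),
        ("paypa1.com", "PayPal"),
        ("https://www.paypal.com/signin", "PayPal"),
    ]
    for link, brand in samples:
        print(link, "->", url_red_flags(link, brand) or ["no red flags"])
```

An empty result means only that these particular heuristics found nothing; a link that passes still gets the Five-Question Check with a colleague, because the checker knows nothing about the urgency, the unusual request or the unexpected sender.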
