Don’t Get Caught Hook, Line & Sinker
Phishing has historically been a high-level threat to security, and the past year has been no different. According to the Verizon Data Breach Investigations Report 2021, phishing is present in 36% of data breaches reported. This is an increase of 11% from 2020. Phishing attacks attempt to get an individual to provide vital security details by using an official-looking email or website. Luckily, there are several things that you can look at to ensure the email you received is legitimate.
First, look to see if the email is coming from a known or new contact. While this will not outright tell you if the email is legitimate or not, an unknown contact indicates that extra caution should be used.
If it is coming from a contact you know, does the grammar match what they normally send you? Is there an attachment or a link that you normally do not receive? If so, then extra caution should be used.
Valid Email Address
Next, investigate the “To” and “From” fields. Hover over the “From” email address. Does the domain of the email address that pops up differ from what is displayed in the “From” field?
Is the “From” email address the same as the “To” email address? These factors are all signs that the email needs extra attention. IDS’s Security Team recommends reaching out to the sender through another channel (not a direct reply) to verify that the email is valid and safe.
If the email includes a link within the body of the email, hover over the link. Does the URL that pops up match what is being stated in the email? For example, if there is a link to PayPal, hovering over it should show a URL that matches the PayPal domain, paypal.com.
If you are ever in doubt about a link in an email, go to the website directly rather than clicking the link. For example, imagine you receive a PayPal email asking you to reset your password. Instead of clicking the link provided in the email, open a browser and go directly to the www.paypal.com site to reset your password.
Something else to look for in the body of an email is a sense of urgency. Threat actors will try to make you feel as if you need to respond right away in the hopes that you will lower your guard and accept an email that would normally raise flags.
On the other side of the spectrum, an abnormally short and to-the-point email can raise red flags. It may only have a brief message, “Please see the attached”, with an attachment. If you were not expecting an attachment, always verify that the email is safe first. A short message gives the end user very little to go on when determining whether the email is legitimate.
Always remember, if you are ever in doubt about the legitimacy of an email, reach out to the sender through another channel. Verify that the email is legitimate and that any attachments or URLs are safe. If you are unable to get hold of the sender, then wait. If the email is legitimate, the sender will reach out to you again. If it is a phishing email, it is highly unlikely the attacker will send a follow-up email.
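The “From”, “To” and link checks described above can also be run automatically over a raw message. The following is an added example, not code from IDS; the sample message, its addresses and the names `mismatch`, `Links` and `review` are constructed for illustration, and the domain comparison is a simplification that only treats exact matches and subdomains as the same site.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message; every address and host in it is made up.
SAMPLE = """\
From: "service@paypal.com" <jane@bank.example>
To: jane@bank.example
Content-Type: text/html

<p>Reset here: <a href="http://paypal.com.account-verify.example/reset">https://www.paypal.com/reset</a></p>
"""

def mismatch(shown_text, host):
    """Domains named in shown_text that host neither equals nor is a subdomain of."""
    names = [d.lower().removeprefix("www.") for d in DOMAIN_RE.findall(shown_text)]
    return [d for d in names if host.lower() != d and not host.lower().endswith("." + d)]

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text))
            self.href = None

def review(raw):  # raw: message text with headers; returns a list of warnings
    msg, links = message_from_string(raw), Links()
    shown, addr = parseaddr(msg.get("From", ""))  # display name vs real address
    dom = addr.rpartition("@")[2]
    out = [f"From shows {d} but address is at {dom}" for d in mismatch(shown, dom)]
    if addr and addr.lower() == parseaddr(msg.get("To", ""))[1].lower():
        out.append("From and To are the same address")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in links.found:
        host = urlparse(href).hostname or ""  # what hovering would reveal
        out += [f"Link text shows {d} but points to {host}" for d in mismatch(text, host)]
    return out
```

Calling `review(SAMPLE)` returns three warnings, one for each check; a message that trips none of them returns an empty list, which does not by itself mean the email is safe.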
About Insite Data Services
IDS data application hosting services combine secure and cost-effective core banking applications, enterprise-class servers and storage, and proven virtualization technology. IDS hosts all of the bank’s servers in secure data centers that use state-of-the-art security systems, including identity verification and biometric scanning. Insite Data Services also offers IDS On-Time, a full-service solution dedicated to back-office bank processing. These operations experts allow partnered banks to focus on their most important asset, their customers. For more information, visit www.insitedataservices.com.