Outsmart Hackers by Recognizing These 5 Phishing Email Clues
#Tips
by Tom Kellnhauser, Skyward Technology Solutions Account Executive
1. Mabye they splet something wrong
Not-quite-right language is a hallmark of phishing emails. You may find misspellings, unnecessary punctuation, or an odd tone. The message may sound overly formal or somewhat archaic. A minor typo is one thing, but a whole email full of suspicious usage is a red flag.
What to do: Brush up on your typical business-related or vendor email formats and get to know them well. If something feels off, it probably is—so don’t click! Instead, report the email to your IT crew.
2. So close to the real thing
Phishing emails are designed to be compelling—after all, hackers’ paydays depend on it. So don’t feel too bad if you’re almost tricked. Take a hard look at a few telltale signs that the note from Amazon or your bank isn’t actually from the legit vendor:
🚩 Look very closely at the email address. Is it one or two characters off?
🚩 Is the domain name odd? For example, customerservice@amazonmembership.com reveals some redundancy that normally wouldn't show up in a business email.
🚩 Are there logos that don’t match? Do the logos look distorted or stretched?
Be extra careful with plain text emails, especially if they’re unsolicited and feel like they should be fancy HTML designs. Any email from a vendor should also include copyright info, a privacy policy, and a link to unsubscribe. If that boilerplate info is missing, it’s suspicious.
What to do: Go to the real website and use your credentials to log in; don’t log in through a link in an email.
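The first two flags above can be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it classifies a From: header as trusted, lookalike, or unknown. The `TRUSTED` table, the function names, and the two-character threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: the brands your organization actually deals with, mapped to
# the domain each one really sends from. Constructed for this example.
TRUSTED = {"amazon": "amazon.com", "skyward": "skyward.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels only; a simplification that ignores suffixes like co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def check_sender(from_header: str) -> str:
    """Classify a From: header as 'trusted', 'lookalike', or 'unknown'."""
    # parseaddr separates the display name (which anyone can set) from the address.
    _, addr = parseaddr(from_header)
    domain = registrable(addr.rpartition("@")[2])
    if not domain:
        return "unknown"
    if domain in TRUSTED.values():
        return "trusted"
    name = domain.split(".")[0]
    for brand, real in TRUSTED.items():
        # One or two characters off from the real domain (e.g. amaz0n.com).
        if edit_distance(domain, real) <= 2:
            return "lookalike"
        # Brand name padded with extra words (e.g. amazonmembership.com).
        if brand in name:
            return "lookalike"
    return "unknown"
```

An "unknown" result is not a pass; it only means the sender does not imitate a brand in the table.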
3. Sneaky links and attachments
The whole point of a phishing email is to get you to take action. This trickery usually comes in the form of links or attachments.
NEVER open an attachment from someone you don’t know. Even opening the file can release malicious software into your machine and network. When it’s a link, hover over it to read the entire destination in the bottom left corner of your screen. Some redirects (extra stuff after the domain name) are fairly normal, like UTM codes which are used to track marketing activity. But for the most part, be suspicious of these types of long URLs. It’s just not worth the risk, especially if it sounds too good to be true.
What to do: Don’t click the link! Instead, follow up on the topic with the sender or quench your unwavering curiosity with a Google search accompanied by “scam?” (If you have to ask, it probably is.)
4. Name dropping
Social engineering pays off for most hackers, and when you think about it, it’s fairly easy to do with the help of LinkedIn, school website directories, and personal social media accounts. It never hurts to check in IRL when something seems phishy in cyberspace, especially when the email claims to be an administrator asking for funds, gift cards, or other favors at the last minute. Even the crabbiest supervisor will appreciate your diligence in keeping their personal data secure.
Speaking of supervisors, if you’re in a position of authority, be consistent in your communication and ensure your direct reports know your routines. That way they can easily spot someone pretending to be you.
What to do: Pick up the phone and call the person to confirm they were indeed the one who sent the email, and always use approved processes for transferring funds.
5. Threats
Whether the message comes via text, email, or some other channel, threats are always a red flag signifying hackers, not customer service representatives, are on the other side. Real government agencies and businesses do not threaten their customers—at least not by unsolicited email.
What to do: Don’t be intimidated by criminals’ empty threats. Contact your local law enforcement to report these kinds of scams. You might know better than to fall for them, but lots of your neighbors need help.
Practice makes progress
One of the best ways you can strengthen your district’s human firewall is by ensuring everyone is familiar with the tried-and-true tricks hackers use to hit their jackpots. 82% of data breaches in 2021 involved the human element. 35% involved the use of email and approximately 7 to 10% of real phishing emails make it through filters and blocking systems. That’s why practice matters.
The good news is, we’re making this training easy! Skyward IT Services has partnered with KnowBe4, the world’s largest integrated platform for security awareness training and simulated phishing attacks. From videos to interactive games to simulated phishing emails, KnowBe4 will help your team stay in-the-know on what to watch out for. With regular practice using KnowBe4 training programs, districts have gone from a 32% fail rate on phishing tests to a 4% fail rate!
Interested in learning more about KnowBe4? Email Tom Kellnhauser at tomke@skyward.com.
The bad guys won’t slow down, but we can catch on to their methods. Being aware of phishing scams is essential for safeguarding personal and district information, maintaining security, and building a safer digital environment for students and your district community.
Stay safe out there!
Follow-Up Resource: Level Up Your District Data Protection with the Security Audit Report
Are you sure your Skyward system settings are meeting security best practices? Now you can be! We’re excited to unveil the new Security Audit Report, a free tool you can use to make sure your system and data are as secure as possible.