Monday, November 16, 2015

Can you spot a phish?

Numbers consistently show that the majority cannot, at least not without repeated testing...

  1. A message containing poor grammar or poor spelling is a sure sign of an email scam.
  2. Mismatched URL: when you hover over the hyperlink, the address it points to does not match the address displayed, or the actual destination is an IP address.
  3. Misleading URL of a non-affiliate: the domain name is often a misspelling of the actual company name, and sometimes other content is prepended to the actual DNS name, for example this_is_a_scam.company.com.
  4. An attachment that entices you to open it for a reward, or content that promises an explanation or more information.
  5. A request for personal information via email, including security questions, regardless of whether all the other information supplied is valid.
  6. A letter of intimidation, usually purporting to be from law enforcement, a credit collection agency, etc., preying on your sense of urgency before other ramifications follow, e.g. loss of coverage.
  7. An alluring message or unsolicited action, including winning a prize or receiving a package when you haven't ordered anything.
  8. A solicitation of money before you receive the items or further information.
  9. A threatening message that calls for action or else you may suffer consequences, e.g. a request from your CEO with whom you have never communicated in the past.
  10. Combined efforts such as vishing or smishing, whereby a secondary method (voicemail or text message) is used to corroborate the phishing email.
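Indicators 2 and 3 (mismatched and misleading URLs) can be checked mechanically. As an added example that is not part of the original post, this Python script extracts every link from a constructed HTML message body and flags links whose target host is a bare IP address or whose displayed domain does not match the target's registrable domain; the sample message and the two-label domain heuristic are assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not a real phish) for the checks below.
SAMPLE_HTML = """<p>Your account is locked. <a href="http://203.0.113.5/login">Sign in</a>
now, or reset it at <a href="http://company-com.example.net/reset">www.company.com</a>.
Help: <a href="https://www.example.com/help">www.example.com</a></p>"""

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _registrable(host):
    # Last two labels only; a real tool would consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def _is_ip_literal(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def check_links(html):
    """Return (href, reason) for each link that trips indicator 2 or 3."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if _is_ip_literal(host):
            findings.append((href, "link target is a bare IP address"))
        # Does the visible text show a domain that differs from the real target?
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and _registrable(shown.group(0)) != _registrable(host):
            findings.append((href, f"shows {shown.group(0)} but points to {host}"))
    return findings
```

Running `check_links(SAMPLE_HTML)` flags the first two links and leaves the third, whose displayed and actual domains agree, alone.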

A social engineering audit is a key measure of how well prepared your organization is; it tests the strength of policy and procedure adherence and serves as a reminder to everyone, from top-down to bottom-up, since security is both top-down and bottom-up. Identification is best when phishing tests are conducted regularly: the rate of testing success is 19% when done quarterly, 12% when done every other month, and 5% when done monthly.
Anything that seems too good to be true, or just doesn't look right, is likely a scam.
