While you're probably more than aware of the potential threat of computer viruses and data breaches, the harsh reality is that 6000 new computer viruses are created and released every month, many of which make it through our virus protection software.
Today, 90% of emails sent globally contain some form of malware. And while the majority of us keep our networks and computers protected with security software, 50% of us still click on links from unknown senders that make it through.
We've collated a list of the top 10 most used phishing email subject lines to be aware of in 2021:
This weeks meeting agenda
Password Verification Needed
Vacation Policy or Payroll Update
Remote Work Policy Update
Important: Dress Code Changes
Scheduled Server Maintenance - No Internet Access
De-activation of [[email]] in process
Please review your leave requirements
You have been added to a team in Microsoft Teams
Company Policy Notification: COVID-19
A large part of keeping systems protected comes down to the actions of your users, so it's important to educate staff regularly on trending threats and best practice around email use. Signs that an email may be a phishing attempt include:
Your name - do they know who they are speaking to? Have they used a salutation you wouldn't expect? (Especially if it's supposedly from someone you know).
Tone and grammar. Often phishing emails will sound a little off or use wording that isn't quite right. Consider the phrasing, and the urgency of the email.
Pushiness. The main aim of these emails is to get the user to do something. Whether the request is for funds or information, be wary of anything that demands immediate action without direct contact, e.g. "I'm in a meeting so can't take calls right now, but please provide all security information on the XXX account".
Links. Any link sent to you that supposedly takes you through to secure areas (e.g. your bank, Office 365, MYOB etc.) to 'reset your password', 'check a security breach' or 'review a company policy' could give a phisher access. You can always access your accounts your usual way to check notifications there, and avoid the email altogether.
Fake email addresses - The most obvious and important of all! If any of the above signs are present, check the full sender address (as it will often be hidden behind a display name). There are instances, of course, where the hacker will have accessed the original account, so if you have any doubt contact your IT administrator or support.
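The checks above can also be run automatically over a reported message. The following is an added example, not code from this article or from Cofense: the `triage` helper, the flag names, the `URGENCY` word list and the `example.com` trusted domain are all assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject lines from the list above, lower-cased and used as regexes;
# the address placeholder in the De-activation lure becomes \S+.
SUBJECTS = [
    "this weeks meeting agenda", "password verification needed",
    "vacation policy or payroll update", "remote work policy update",
    "important: dress code changes",
    "scheduled server maintenance - no internet access",
    r"de-activation of \S+ in process", "please review your leave requirements",
    "you have been added to a team in microsoft teams",
    "company policy notification: covid-19",
]
URGENCY = ("immediately", "urgent", "right now")  # assumed wording, tune locally

def triage(raw, trusted_domains):
    """Return warning flags for one raw e-mail message (hypothetical helper)."""
    msg, flags = message_from_string(raw), []
    subject = " ".join((msg["Subject"] or "").lower().split())
    if any(re.fullmatch(p, subject) for p in SUBJECTS):
        flags.append("known-lure-subject")
    name, addr = parseaddr(msg["From"] or "")
    if addr.rpartition("@")[2].lower() not in trusted_domains:
        flags.append("sender-domain-not-trusted")
    # A display name that shows a different address than the real sender.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group().lower() != addr.lower():
        flags.append("display-name-address-mismatch")
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if not p.is_multipart())
    # Link text that names one host while the href goes to another.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        target = (urlparse(href).hostname or "").lower()
        seen = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if seen and seen.group(1).lower() != target:
            flags.append("link-text-mismatch:" + target)
    if any(w in body.lower() for w in URGENCY):
        flags.append("urgent-wording")
    return flags

# Constructed sample message (not a real e-mail).
SAMPLE = '''From: "support@example.com" <helpdesk@example.net>
Subject: Password Verification Needed
Content-Type: text/html

<p>Your password expires today. Verify immediately:</p>
<a href="https://login.example.net/verify">https://portal.example.com/reset</a>
'''

if __name__ == "__main__":
    print(triage(SAMPLE, {"example.com"}))
```

A message that raises no flags is not proven safe: as noted above, a compromised genuine account passes the sender checks.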
Phishing tactics are constantly changing, but there are a variety of solutions available to support educating your team and mitigating attacks. At Fusion we use Cofense to combine staff intuition with security software. Check it out for more tips and advice.
Sources include https://hostingtribunal.com/, https://cofense.com/ and https://www.techrepublic.com/