7 Ways to Spot a Phishing Scam

Did you know that upwards of 85 percent of all organizations today have been victims of some type of phishing attack? And with the average cost of a successful phishing scam ringing in at around $1.6 million, the problem is very real. What’s more, it’s not just everyday employees being targeted. In fact, 1 in 3 companies are routinely attacked in the form of CEO fraud emails.

These statistics should bring to light the critical importance of protecting your organization – regardless of size or industry – against potential malware attacks, and as always, the best defense is a good offense. To prevent your employees (particularly those in the C-suite) from being bested by a hacker, here are things to train them to watch for.


Poor Grammar and/or Spelling – One of the first clues that a particular message might have been sent with malicious intent is the quality of the content within. While most monitoring programs successfully filter out most harmful emails, some will inevitably sneak by. A message from an unknown sender containing poor grammar, misspelled words or content that isn’t logical should raise some red flags.

Mismatched URLs – The goal of a phishing campaign is to give the appearance of authenticity in order to convince the recipient that it’s OK to open an attachment or click on an embedded link. In the latter case, the URL may look completely legitimate when, in fact, it actually redirects to a malicious site. To avoid this, all employees should be encouraged to hover over URLs to verify that the actual hyperlink destination matches the address shown in the message.

Misleading Domain Names – Another trick many hackers use in phishing scams is to use misleading domain names to make unsuspecting recipients believe a URL is trustworthy. This can easily be identified by how the URL is laid out. For instance, a phishing artist may attempt to trick a victim by creating a child domain with a familiar name, such as Apple and then linking it to a malicious site. The result might be something like: Educating employees on how DNS naming structure works can help quickly detect and address any potential fraudulent messages before they are successful.

Requests for Personal Information – Regardless of how official an email may appear, if the message contained within requests personal information, proceed with extreme caution. Remind employees to always take a step back and assess the logic of these types of messages. Banks or credit card companies don’t need customers to provide their account numbers. Likewise, reputable senders will never ask for things like passwords, credit card numbers or anything else that’s confidential in nature.

Unsolicited Contact – If receiving an email filled with lofty promises seems too good to be true, it probably is. Furthermore, if you didn’t do anything to initiate the contact in the first place, it’s almost certainly going to be some type of scam. Any such message should always be regarded with suspicion and great caution.

Messages Containing Threats – While most phishing campaigns lure victims with the promise of enrichment, some hackers instead rely on intimidation tactics to scare recipients into giving up sensitive information. For instance, an email like this might appear to be from a trusted and respected sender, such as a bank or the IRS, and it might contain a message threatening account closure or asset seizure if money or personal information isn’t provided. These types of intimidating messages should raise a red flag.

Something Just Doesn’t Look Right – Last, but certainly not least, intuition can often be enough to flag a potentially harmful email. Teach employees that if they receive a message that gives them pause, for whatever reason, they should trust their gut and escalate it accordingly. After all, it’s always better to be safe than sorry.

Are you doing enough to protect your organization against phishing and other malicious campaigns? Educate your employees on what red flags to watch for and remind them to never click on a link or open an attachment from an unknown or suspicious sender. Then, fortify your cybersecurity incident response strategy with automation.


5 Holiday Phishing Strategies to Watch For

The holidays are coming, which means more targeted emails from retailers, travel providers and anyone else looking to capitalize on consumers’ increased spending over the coming weeks. Not surprisingly, this increase in email outreach is also being used as a tool for cyber-attacks. And given the more widespread adoption of remote working and BYOD policies, that means even personal attacks could place your company’s sensitive data at risk. To prevent yourself, your employees and your organization from being victimized, here are five of the most popular cyber security phishing scams to be on the lookout for.

Email Promotions

Ever hear the expression, “If it seems too good to be true, it probably is”? The holiday season is full of deals, specials and discounts, but not all of them will be on the up-and-up. Everyone who works for your company should know to be leery of any incoming email that seems too good to be true, or just looks suspicious in general – especially those containing links or requesting personal information.

Suspicious URLs

Phishing scams don’t only arrive via email. Oftentimes they include a more complex scheme involving the use of phony URLs that appear to be legitimate. Unfortunately, even just visiting one of these sites could result in malware getting a foothold on your systems and applications. Be sure to educate employees about these cyber security dangers so they’re diligent about taking a closer look before they click. For instance, instruct them to hover over a hyperlink to view the actual URL before clicking.

Fake Invoices

With online ordering at an all-time high and the number of orders being placed this time of year, it can be easy for a cyber-attack to make its way into your inbox by way of a fake invoice or purchase order. Receiving an email receipt for an order you didn’t place in June would probably be enough to raise a red flag, but in December when you’ve placed dozens of orders, it might slip under the radar. If you’re not careful, clicking on a link within could end up redirecting you to a phishing page or worse – instantly installing malware.

Phony Shipping Status

Just as with fake invoice emails, hackers will often use phony shipping notifications to try and trap their unsuspecting victims. With so many online orders being placed and received, it’s not unusual for an otherwise savvy individual to end up clicking on this type of malware email without even realizing the cyber security risks behind it. For example, if you recently placed an order and it was followed shortly thereafter by an email from what appears to be UPS, you might not think twice about clicking to see the status. Again, diligence and caution are key.

Bogus Surveys

Another common tactic amongst cyber-criminals is the fake survey. These little gems end up in people’s inboxes with the promise of money or other incentives just for answering a few simple questions. It can be enough of a temptation for many who will go along, providing personal information at the end. This information can then be used to develop even more sophisticated and dangerous cyber-attacks, such as spear-phishing.

Whether these types of attacks target your individual employees or your business, either way they place the security of your sensitive data at risk. The best way to prevent these occurrences is to first educate your employees on what to watch for. Additionally, having a strong monitoring system coupled with an automated incident response strategy can ensure that even if an attack slips through the cracks, it will be thwarted as quickly and effectively as possible.

Protect your organization’s precious information and hard-earned reputation. Start your free trial of eyeShare today!


What is Spear-Phishing and How Can You Avoid Becoming a Victim?

There’s a lot of talk about massive viruses and other significant cyber-threats, but in reality, some of the most infamous and damaging cyber-attacks in recent history have started with just one employee innocently clicking on a spear-phishing email. These attacks are growing in number and frequency. Why? Because they work. And because traditional security strategies are not typically capable of detecting these threats, they continue to be a growing problem, particularly in the fields of finance, insurance, retail and health care.

We thought it was worth exploring more about what this type of cyber-crime entails and, more importantly, what you can do to protect your company from becoming the next victim.

What is Spear-Phishing?

The term spear-phishing is really a blanket term that encompasses any number of damaging exploits. It could be ransomware which is designed to encrypt and hold hostage the victim’s sensitive data for an extortion fee. Or, it could be malware that specifically targets a company’s financial data or customer information. In either case, the goal of most spear-phishing campaigns is to successfully obtain either personally identifiable information (PII) or network access credentials.

A spear-phishing campaign typically arrives in the form of a carefully crafted email message that is designed to appear legitimate enough to fool the recipient into opening an attachment or clicking on a link. You may be thinking that this sounds a lot like traditional phishing plots that we’ve all heard of for many years now. In reality, while the concept is the same, spear-phishing campaigns are actually much more targeted and calculating, which is why they’re generally much more dangerous.

Criminals who attack through spear-phishing carefully segment and pinpoint their victims to improve their chances of being successful in obtaining the information or data they’re after. They then create compelling and highly personalized emails that are designed to impersonate trusted senders – for instance, the IRS.  And it’s not just low-level employees who are being targeted. To the contrary, many spear-phishing campaigns are developed and designed specifically for executives – leaders with high-ranking titles such as CFO, Senior VP or Head of Finance.

And if you think these situations are isolated, you would be incorrect. Recent studies have revealed that the vast majority of organizations admit to having fallen victim to at least one spear-phishing attack in 2015 alone. And these attacks aren’t without damage. In fact, the average impact of a successful spear-phishing attack is estimated to be over $1 million. Even more alarming is that some victims saw their stock prices drop by as much as 15%.

What’s the solution?

So, what can organizations do to prevent such an attack from wreaking havoc on their reputation and bottom line? One of the reasons spear-phishing is so successful is because it is difficult to detect. Emails and even phony websites are specifically designed to slip through the cracks unnoticed until it’s too late. In these instances, the best offense is a good defense.

Start by educating your employees – from the top down. Remember – cyber security is everyone’s job, especially when it comes to phishing. Make sure everyone who works at your company is aware of the dangers and knows what to look for, how to be careful and who to contact if and when a potential issue arises.

Then, fortify your protection by leveraging the advanced technology that is available to you. That means not only deploying traditional monitoring programs, but also incorporating automation into the incident management process. That way should a threat get through and a successful spear-phishing campaign gain a foothold, the appropriate remediation measures can be triggered instantly and automatically. This will help to isolate the incident and mitigate damages.

As long as there are cyber criminals stalking the business world from behind their keyboards, there will always be things like spear-phishing. By being aware of what you’re up against and taking the appropriate proactive measures to limit the amount of damage that could potentially be done, you’ll effectively keep your organization safer and the sensitive data within as secure as possible.

Ready to start strengthening your defense against these and other dangerous cyber security threats? Start your free 30 day trial of eyeShare today.
