Protecting yourself online is just as important as protecting your home or car from burglary. Modern hackers and cybercriminals can launch sophisticated attacks that may be difficult to recognize. The number one weapon against cyber theft for any person or organization is knowledge. Educating yourself and your organization can drastically reduce the risk of a successful cyberattack.

The most common tactic used by cybercriminals are phishing attacks. Phishing is the process of attempting  to acquire sensitive information such as usernames, passwords, and credit card details by masquerading  as a trustworthy entity using bulk email which tries to evade spam filters. Emails claiming to be from popular social websites, banks, auction sites, or information technology administrators are commonly used to lure  the unsuspecting public. An obvious example of phishing is the “Prince of Nigeria” emails requesting your bank information so he can share his wealth with you. A more subtle case may be an email that looks like it’s from UPS with tracking information on a package delivery. When  in reality the track package link sends you to a site that looks like UPS while the hacker scans your computer for information. Knowing the common signs of a fraudulent email is key to protecting against these types of attacks.

Wright Service Corp. (WSC) has taken an essential step in protecting its  client’s information by educating and testing its employees. Working with ACS, a third-party technology company, WSC launched a cybersecurity training initiative that  has reduced the risk of infiltration by cyber criminals by 81 percent over the last seven months. Guidebook, ACS’ comprehensive cybersecurity education program, teaches employees key items to look for when reviewing emails, websites, phone calls, text messages, and other interactions that may be used by criminals to steal information.

After employees complete an online training session featuring a specific security topic such as phishing, malware, social engineering, whaling (scams targeting  C-level employees), or other tactics, the user then completes an interactive quiz to test their knowledge. Employees who do not pass the quiz are funneled into an additional training program to ensure they fully understand key information regarding cybersecurity. Then, the employee’s resilience is put to the ultimate test. WSC and ACS sent a series of test phishing emails posing to be from reputable companies and employees of WSC. If an employee engages with the email in a way that could harm the company like click a link, download an attachment, respond to the email, or provide the requested information, the employee receives a notification that they have been deceived and they are flagged for additional training.

When the program first began, WSC secretly sent out a test phishing email before employees knew they would be tested. On this first email, 29.9 percent of employees were caught engaging with the test email in a potentially harmful way. Since starting the training, WSC’s susceptibility to these emails has been reduced down to 5.7 percent, well below the industry average of 12.5 percent as shown in the graph below.

Since starting Guidebook, WSC has not only seen a difference in their organization but also in their personal lives as well. The information they’ve learned applies to the frauds and scams employees encounter in their everyday lives. Start protecting yourself against phishing attacks using the tips below.

SIGNS OF A SUSPICIOUS EMAIL

1. Links

Without clicking the link, hover the mouse over any links in the email. A preview of the link will pop up next to the curser. If the URL does not match the stated destination, the email may be a scam.

Examples

• Email says it’s from UPS but the “Track Your Package” link goes to www.yourpackageups.com vs. www.ups.com. It is a suspicious email.
• The email link is misspelled, www.usp.com vs. www.ups.com.

2. Sender’s Email Address

Similar to URL links, email addresses can also be slightly misspelled. Another red flag is if the sender isn’t from an address you recognize; it’s possible the email could be malicious. Alternatively, if the email is from someone you recognize, but the content of the email doesn’t match their persona, the email may be malicious.

Examples

• Email says it’s from UPS, but the email address is [email protected] vs.
  [email protected].
• The email is from [email protected] but you don’t know a David Smith.
• The email is from
  your Grandma but she’s using slang in the email and asking for your bank information.

3. Attachments

The email contains attachments that don’t make sense within the context of the email or someone you don’t recognize is sending you an attachment.

Examples

• The email contains information about a form to download and complete but the attached file type is a .zip file.
• David Smith sends you an attachment with instructions to open it but you don’t know a David Smith.

4. Content

Is the email asking for sensitive information such as health records or financial information? Is the email out of the ordinary and displays bad grammar or multiple spelling errors? Is the sender asking you to click on a link or open an attachment to avoid a negative consequence or to gain something of value?

Examples

• The email asks for private financial information to avoid fees and penalties from the IRS.
• The email asks you to click a link to see if you’ve won $500.
• The email is from your cousin who recently went on vacation and is asking you to wire them money because they are in trouble. Your cousin has impeccable grammar and rarely makes a spelling error. The email is riddled with spelling and grammar issues.

For over 38 years ACS has acted as a technology compass for businesses and organizations throughout the Midwest. Our unique approach ensures every organization is provided with superior service and technology solutions. With over 40 certifications in Cybersecurity, Business Intelligence, Servers, Storage and Virtualization, Connectivity, Business Continuity, and Managed Services, our engineers have the expertise necessary to design, implement, and maintain your organization’s critical infrastructure.

This article was published in “An Outside Perspective,” a section of the Wright Service Corp. biannual newsletter, The Wright Perspective.