Welcome to week two of Cybersecurity Awareness Month, this week we will fight the phish! This week is all about phishing emails and how to identify them. Once again, our friends at the National Cyber Security Alliance have created a great worksheet.

As most of us know, phishing is a constant cybersecurity threat that is not going away. Phishing emails have evolved many times over the years and continue to do so. Because of this, it is important to always be vigilant of your inbox!

What is Phishing?

KnowBe4 explains phishing as “the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.”

Phishing Emails: What Your Employees May Do

According to Keepnet Labs, 1 out of 2 employees will open and read a phishing email. 1 out of 3 employees will click a link or open an attachment in a phishing email. Even more frightening, 1 out of 8 employees will actually share sensitive information requested in the phishing email. Keepnet Labs also reported on what business types are the most likely to fall victim. (Check out the businesses most at risk in the report referenced above.)

Real or Fake?

Below is a screenshot of a potential phishing email message, sans the sender information. So, is this real or fake?

Real or fake email
Real or fake email

How to protect against Phishing?

Here are a few important questions you can ask yourself if you suspect someone is phishing your small business:

  • Do you know the sender?
  • Are they urging you to open an attachment, to click a link, or to give them personal or business information?
  • Did the email come outside of expected business hours?

If you answer yes to any of these, try and verify the sender is legitimate.

For more on phishing and other cybersecurity topics, check out Small Business, Big Threat for more!