Changing user behaviour to prevent phishing attacks

As we outlined in our post on preventing phishing emails, many businesses don’t realise that there are technical solutions such as DMARC that can prevent fraudulent emails being sent from their domains in the first place. If this is done properly, then educating employees about potential spoof emails becomes a secondary priority.

Once you’ve got your DMARC compliance in place, it can still be helpful to educate your employees about common email phishing scams, in case they do come across a fraudulent email (in all likelihood, it won’t be from your domain).

What do phishing scams look like?

Common phishing scams include:

  • Asking you to click on a link and download a malicious file onto your computer.
  • Sending you an email notifying you of an outstanding invoice – and then a link where you can click to pay it. Clicking on this link takes you to an illegitimate site where scammers can gather your personal information and access your bank accounts.
  • The email sender telling you that one of your accounts has been compromised, and then asking you to log in and reset your password, fill in your information and resubmit it.
  • Pretending to be one of your vendors and asking you to confirm your credit information before they can release or deliver an order.

What should you do if you receive a suspicious email?

The problem is that as cybercriminals become more sophisticated, phishing emails are becoming increasingly hard to recognise, as they often include things like high-resolution company logos and opt-out instructions at the bottom of the email. With this in mind, here are five things you should check if you think an email is coming from a fraudulent sender:

  1. Does the email contain a link to a third-party site?
    Phishing emails often contain links that direct you to sites that are completely different from the domain of the email sender. On this site, you may be asked to fill in personal information and then submit a form.

  2. Is the email sender asking for your personal information?
    This could be things like your bank account number, your ID number, or your credit card details. If someone is asking for these, don’t respond to the email – rather phone them to check that it is really them asking for this information. If you do need to supply details, don’t do this over email.

  3. Do you know the sender?
    You may have communicated with people within an external company – such as with a supplier or customer – but suddenly you get an email from someone in that company who you’ve never dealt with before. Or, you could receive an email from a completely new vendor. In either case, delete the email without opening it and rather phone the company to verify the communication.

  4. Are there typos or grammatical errors?
    While this has improved in recent years as scammers have become more sophisticated, you may still be able to spot small errors within the email copy. Or, the tone of the sender may seem off (perhaps lots of use of exclamation marks or capital letters), or the specific details they give may be incorrect.

  5. Is the sender’s email address correct?
    These days, sophisticated fraudsters can easily send a fraudulent email from what appears to be the correct email address, but this is not always the case. It’s always worth checking if the email address is incorrect – even if it is close to the original.
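
Checks 1 and 5 above can also be run automatically, for example in a mailbox triage script. The following Python is an added example, not code from the original article: it flags links whose host differs from the sender's domain, and sender domains that are within two character edits of a domain you already deal with. The sample message, `KNOWN_SENDER_DOMAINS` and the two-edit threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Accounts" <billing@examp1e-supplier.com>
To: jane@yourcompany.example
Subject: Outstanding invoice

Please pay your invoice here: http://pay.invoice-portal.example/login
"""

# Assumption: domains of suppliers and customers you already deal with.
KNOWN_SENDER_DOMAINS = {"example-supplier.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def text_parts(msg):
    """Yield the decoded text of every text/* part (plain or HTML)."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")

def check_message(raw, known=KNOWN_SENDER_DOMAINS):
    """Return (finding, observed_domain, compared_domain) tuples."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Check 5: sender domain is close to, but not exactly, a known domain.
    for good in sorted(known):
        if 0 < edit_distance(sender, good) <= 2:
            findings.append(("lookalike_sender", sender, good))
    # Check 1: links that lead somewhere other than the sender's own domain.
    for body in text_parts(msg):
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = (urlparse(url).hostname or "").lower()
            if host != sender and not host.endswith("." + sender):
                findings.append(("third_party_link", host, sender))
    return findings
```

As point 5 notes, a fraudulent email can carry what appears to be the correct address, so an empty result does not prove a message is genuine.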

No matter what industry you’re in, it’s crucial to be aware of common phishing tactics, so that you can prevent your personal information being compromised and used against you.

By being aware, you can potentially help protect your company from losing money, being impersonated, or being used for other fraudulent means.
