Train your employees to ask these 7 questions before clicking an email link.
The fastest and easiest way for cybercriminals to steal your confidential data or paralyze your network with ransomware is to send an email to your employees and get just one of them to click on a link or open an attachment. That is all they have to do, and once anyone on the network clicks, the criminal has been invited in to do whatever damage they want. Employee education is the key to your corporate security. Teaching them to ask these questions before clicking is one of the most effective security strategies you could implement.
7 Questions to Ask Before Clicking a Link or Opening an E-mail Attachment.
Learning to correctly distinguish a safe email from a phishing email is critical to data security.
Starting now, every time you open an email, be suspicious and ask yourself these 7 questions:
1. Do I know the sender? You have to become street smart when navigating your email inbox. You would not open a package handed to you by a stranger while walking down the street, so why would you open an attachment or click on a link from a stranger in your inbox? If you don't know the sender, do not click!
2. Am I expecting this? Just yesterday I heard from a participant in one of my security training classes that he had just received an email from Chase Credit Card Services, and there was a link in the email. Although he knows who Chase is, he does not have a Chase Credit Card. He might have clicked the link out of curiosity before, but when he asked himself the question "am I expecting this" he realized this was suspicious, and prevented a disaster by deleting the email.
3. Analyze the sender's email address. Look at the example below. The email "From" address says it's from Target.com, but look at the email address provided. You would expect it to have target.com in the URL. This is highly suspicious, and the email should be deleted immediately. The sender's "From" information often holds the biggest clue, so always look at this closely.
4. Do they use your name? Or do they use a generic name such as Dear Customer? How would you expect this sender to address you? I have a friend whose email account was hacked, and an email was sent by the hackers to everyone in their address book. The email I received appeared to be from my friend, but it addressed me by my formal name, which she would not normally use to address me. That was suspicious, and I deleted the email immediately. If it were my bank, they should know my name and not address me as "Dear Customer". It is a safe practice to never click an email link from a financial institution. Instead, type their URL into your browser and you will never go wrong.
5. Is the subject line suspicious? You would be surprised how often this is a dead giveaway, yet since we are all so busy it is very easy to miss this. Many people recently fell for an email supposedly sent by the IRS with the subject: "Receive your tax refund on your Visa or Mastercard". First of all, the IRS is not going to email you asking for sensitive information such as your credit card number or social security number. Often the subject line of a phishing email doesn't even make sense. Your awareness of this fact can save you a lot of problems.
6. Is the grammar suspicious? Many phishing emails come from other countries, and their grammar is a giant clue that something is not right. The senders are aware of this and their grammar is improving, but there are often clues in how words are used, along with poor punctuation and spelling that you would not expect from a reputable company.
7. Always Hover before clicking an email link. This is the final and most important safety practice of all. Even if the email has passed the first 6 questions, when you click a link you are inviting anything that could be attached to run on your computer. Simply hover your mouse over the link without clicking and you will see the URL address that you will be directed to once you click. In the email below, if you clicked on the link that says Sign up now, you would be taken to a website called badsite.com. Nothing good can happen there! It won't always be this obvious, but any address other than https://www.chase.com/ in this email is a clue not to click. Never Click unless you Hover and are sure that you want to go where the link is about to take you. The part of the URL before the first / (after the https://) is the website you will be directed to. Also, make sure it begins with https, which indicates that it is a secure website. Know before you go; the consequences can be very costly!
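The checks in questions 3 and 7 can also be run by a mail filter or a training tool before the message ever reaches a person. The Python below is an added example, not part of the original article; the sample message, the sender domain mailer.example.net and the function names are constructed for illustration, and it assumes a single-part HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the article); sender domain is a placeholder.
SAMPLE = """\
From: "Chase Credit Card Services" <offers@mailer.example.net>
Subject: Sign up for paperless statements
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<a href="http://badsite.com/chase/login">Sign up now</a>
<a href="https://www.chase.com/">https://www.chase.com/</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect each <a href>: the address a hover would reveal, not the link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def on_domain(host, domain):
    """True only for the domain itself or a subdomain (never a substring match)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    """Return findings for the sender address (question 3) and links (question 7)."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not on_domain(sender_host, expected_domain):
        findings.append(f"sender: '{display}' sends from {sender_host}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlsplit(href)  # hostname is the part before the first single /
        if not on_domain(url.hostname, expected_domain):
            findings.append(f"link: goes to {url.hostname}")
        elif url.scheme != "https":
            findings.append(f"link: {href} is not https")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE, "chase.com")))
```

The expected domain is supplied by whoever runs the check, since the display name in the "From" line is chosen by the sender and cannot be trusted to say who the message is really from.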
Ask yourself these 7 questions the next time you navigate through your email inbox. These questions will become a habit, and you can save yourself and your company an enormous amount of time and money that could otherwise be spent trying to undo the damage that can be done by just one uninformed click.