The Connection Magazine AIM MUTUAL Spring 2020 | Page 30

PHISHING PHISHING EMAILS TO WATCH FOR PHISHING EMAILS are a fact of life these days. Death, taxes, and phishing emails. Verizon’s 2019 Data Breach Investigations Report lists phishing attacks and the use of stolen credentials (attained through phishing) as the top two sources of breaches in the financial and insurance sectors. 1 These emails come in a wide variety of styles and techniques and attempt to accomplish a wide range of goals. Some are targeted and personal, while others are generic and sent out to hundreds of people at a time, hoping at least a couple will fall into the trap. Some are trying to pry a little bit of useful information; others are trying to get into the system by acquiring credentials or installing malicious software attached to the phishing email. Robust security systems are a huge asset in blocking these emails, but some will inevitably make it through to employees. Therefore, it’s vital for employees to be well trained in what to look for in potential malicious emails. Start with the sender. Who did this email come from? Was I expecting an email from this person? Does the cadence seem familiar based on prior communication? At first glance, the name at the bottom of the email might be a name you’re familiar with. But did it actually come from that person? Look closely at the “From” address and the external sender warning. Some emails are less sophisticated than others. Example 1 is riddled with clues, but here are some of the highlights from top to bottom. Example 1 - Quick Task 30