The Connection Magazine AIM MUTUAL Spring 2020 | Page 31
"...IT’S VITAL FOR EMPLOYEES TO BE WELL TRAINED IN WHAT
TO LOOK FOR IN POTENTIAL MALICIOUS EMAILS."
• The subject line is short,
undescriptive, and in all capital
letters. Is this normal for this sender?
• The sender name is the full first
name, middle initial, and last name.
Do this person’s emails typically
come through like this?
• The sending address is a glaring
clue on this one. Is that the person’s
normal email address?
• This email contains an External
Sender Warning, which is warning
that this email originated from
outside the company. If this were
an internal communication, sent
from this person’s work email
address, there should not be an
external sender warning.
• There is no greeting in the body of
the email and the request could be
atypical for something this person
would normally request of you.
Also, the cadence of the request is
abrupt and might not be typical of
this sender.
• The email is signed Regards,
followed by only the first name and
a period. Is this how this person
normally signs his emails?
• Lastly, the last line is “Sent from
my iPad.” This person might not
typically send emails with an iPad
warning at the bottom.
Any one of these signs by itself is cause
to question the email, and the more signs,
the more wary you should be.
Example 1 is more obvious than most.
However, the most effective phishing
emails look very convincing and come
from people and companies that you
know and have ties to.
The Next Level
It’s especially important to be alert to
any request for personal information,
no matter how familiar you are with the
sender or how urgent the request is. You
might get an email like Example 2, telling
you someone is trying to gain access to an
account and you need to click a link to log
in and reset your password or re-enable
your account.
This can be scary when it’s coming from
a place like a bank, but that’s the point.
The attacker wants you to panic and make
a rash decision to click an unverified link.
Many companies send emails like this
when unauthorized attempts are made
to access accounts, but the valid ones will
not ask you to click a link. They will simply
suggest changing your password. This
forces you to go to the actual website
that you know is legitimate rather than
clicking an unknown link.
Example 2 - Unknown Link
The best advice possible, when it
comes to suspicious emails, is to slow
down, scrutinize, and ask questions. Most
companies have layers of protection
in place such as endpoint protection,
firewalls, multi-factor authentication,
and email and web filtering, but one of
the most effective layers of protection is
a well-trained employee who knows what
to look for.
1
Verizon, 2019 Data Breach Investigations Report,
https://enterprise.verizon.com/resources/
reports/2019/2019-data-breach-investigations-reportemea.pdf.
SHAWN HUFF is a Network Analyst for A.I.M. Mutual Insurance. He has been in IT for more than 10
years, working on security systems and projects such as managing firewalls, setting up and configuring
email/web filters, rolling out multi-factor authentication, and configuring device management systems.
He has worked in environments ranging from retail to higher education and insurance. Shawn holds an
associate degree from Northern Essex Community College.
31