Browse our certifications
Find training
Open page navigation
Cyber Security

E-commerce sales are an opportunity for organizations to thrive in business online – cyber criminals thrive in this environment too.

Frantic conditions during the sales or over seasonal holidays are perfect for cyber criminals to exploit the unwary, there’s typically a lot of revenue streaming in and employees being distracted by unforgivingly fast-paced work.

Cyber criminals enjoy employing a technique known as ‘phishing’; viruses camouflaged as seemingly harmless e-mails. Employees who click on these phishing e-mails could unwittingly unleash viruses into the organization’s IT network with potentially disastrous consequences.

We’ve compiled a list of five top tips on spotting such phishing attempts. Hopefully you’ll be able to spot them before you’ve even opened the e-mail.

  1. Notice incorrect spelling and/or grammar:

Phishing e-mails often have suspiciously vague, miss-spelled subject lines which are particularly easy to spot when sent from a (hacked) employee who typically doesn’t misspell the contents of their e-mails.Surprisingly this is often a deliberate tactic employed by hackers to identify easier targets. When an employee opens a deliberately miss-spelled e-mail it suggests to the hacker that they’re particularly susceptible to scams. Hackers will consequently focus their efforts on these individuals, viewing them as easy prey.

  1. Check the sender’s e-mail address:

An easy way to identify a dodgy e-mail is to check if the sender’s domain is legitimate and aligns with the sender’s name. Depending on which e-mail client you use, the domain is usually displayed beside the sender’s name. For example, an alleged e-mail from Skynet should have a domain name such as ‘t1000@skynet.com’ as opposed to ‘t1000@skyknot.com’.

  1. The e-mail is requesting personal information:

One of the most glaringly obvious indicators of a phishing attempt is that e-mail’s requesting you to provide personal details, i.e. passwords, social security number, particularly in instances where it’s against company policy to request such information. Even if the e-mail’s from a recognizable source, never provide this sort of information without identifying if the e-mail’s legitimate.

  1. Is the e-mail trying to create a sense of urgency?

While I’m not suggesting that you help bring your company to ruins by ignoring high-priority messages from your colleagues – be wary of e-mails that request you respond or provide important information with haste. Commonly phishers attempt to bait their targets by suggesting the recipient’s received a large sum of money, which can only be obtained by providing sensitive bank details.

  1. The e-mail contains suspicious attachments:

Depending on how sly the phisher is – their e-mails may include an attachment with an obscure file name. Risky file formats include exe, Scr, .zip, .com. and .bat. These e-mails often claim that the attachment contains important details; others may be more blasé and simply ask you to open the attachment. Bear in mind that retailers and banks etc. will typically never send attachments via e-mail.

According to an article from IT Governance, 156 million phishing e-mails are sent daily – of which 15.6 million manage to sneak through spam filters. While we encourage organizations to train their staff through a cyber-security certification – simply spreading awareness of existing threats is a great preventative measure.

 

Author:  Matt Brewitt - originally published 22 December 2014

RELATED PRODUCTS

CDCAT® Classic Assessment

CDCAT® Classic Assessment

Our cyber security risk assessment helps you identify the cyber risks facing your business and make an action plan.

View more
AI Practitioner (AIP) Programme

Artificial Intelligence Practitioner Certification (AIP)

Learn how to use AI to reach your goals and reshape the way you work with the Artificial Intelligence Practitioner certification.

View more
NCSC Certified Training - Stand out from the crowd

NCSC Assured Training - Differentiate your course

Stand out. Get your training NCSC-Assured

View more
Close

Certifications & Solutions

Accredited Training Organizations

Leadership

Accredited training providers

Certifications & Solutions

Selecione um filtro e clique em Aplicar para ver os resultados