At TNTMAX, we train our employees, subcontractors, and our clients’ staff to develop CSAI. We believe that a well-trained staff with a high CSAI is the best defense against cyberattacks. Phishing scams are more pervasive than ever and are one of the main ways attackers gain a foothold in your organization.
Below are the key CSAI – Phishing Awareness points you must learn and apply to protect yourself and your organization from phishing and other cyber security threats.
CSAI PHISHING AWARENESS
- Slow down and process – Slow down, carefully read and review the content of all emails you receive – and apply your CSAI knowledge.
- Do not feel overconfident – Hackers spend hours and hours sharpening their skills at crafting Phishing scams and other cyber security attacks. We need to be humble and understand we are at a disadvantage and must be extra careful with everything we do online (email, social media, web browsing, etc.)
- Do not trust the FROM – Do not trust the FROM email address. Both the display name and the address itself can easily be forged, so neither proves who actually sent the message.
- Links & Attachment Warning – Does the email contain links, clickable photos, video, or an attachment? Be extra careful with these types of email. Nearly every phishing scam needs you to act: click a link or clickable image that takes you to a malware-infected or look-alike login site, or open an attachment that triggers the malware. If you do not click, the scam usually fails.
- Are you feeling pressured – Is the sender asking you to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
- Poor Spelling – Does the email message contain poor spelling and grammar? That is a common sign of a scam, but a clean, well-written email is not proof that it is genuine.
- Use common sense – Is the email out of the ordinary, odd, or illogical? Are you uncomfortable about this email for what it is prompting you to do?
- Remind yourself – I am the best defense against Phishing attacks. I must apply all my CSAI knowledge to protect myself and my company from Cyber threats.
- Threatening email – If the email threatens to expose a compromising or embarrassing picture of you or someone you know, remember there are excellent tools on the internet to edit a photo and/or a video. Hackers are experts at all of them and can easily grab a benign photo from your Instagram or Facebook feed and make a fake that looks very real. With artificial intelligence (AI) they can do the same with video.
- Mismatched URL – Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the link (without clicking), most mail clients and browsers, including Microsoft Outlook, show the actual hyperlinked address in a tooltip or the status bar. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious. The displayed text can say anything; only the real address matters.
- Wrong/Misleading Domain – This is a little more technical. Hackers depend on their victims not knowing how the Domain Name System (DNS) naming structure works. Domain names must be read from right to left. The far-right section is the top-level domain (TLD). It is either a country code (.uk for United Kingdom, .fr for France, .cn for China, etc.) or a generic TLD that describes the type of domain, for example .gov for government, .com for commercial, and .net for network (some country codes add one more level, such as .co.uk). The section immediately to the left of the TLD is the domain name that was actually registered. MOST IMPORTANT – this is the part that must be KNOWN & TRUSTED by you: the company name you trust (tntmax.com for TNTMAX, verizon.com for Verizon, etc.). Anything further to the left is a subdomain, and whoever owns the registered domain can name a subdomain anything they like. For example, if you see the domain tntmax.protecturself.com, it is not from TNTMAX, it is from protecturself.com, because TNTMAX is located in what is called the third-level domain and the registered domain is the untrusted protecturself.com – SO DO NOT CLICK!! On the other hand, protecturself.tntmax.com belongs to TNTMAX, a trusted source, because tntmax.com is the registered domain. Apply this reading to the actual hyperlinked address (see Mismatched URL above), never to the text you are shown.
- Common sense rules – When in doubt, DO NOT CLICK. Contact the sender by calling them on a trusted phone number from your contacts (never a number taken from the suspicious email) to verify that the email is genuine and that it is okay to click on the link or open the attachment.
- Money/Financial – For any email asking you to transfer funds, change ACH (Automated Clearing House) information for vendor payment, or perform any other financial transaction, always perform the three checks CSAI requires:
  - Never send any money or change ACH details based on an email alone, no matter how real it looks.
  - ALWAYS verify by calling your vendor or client using a phone number you TRUST, such as the number printed on the credit card statement or vendor bill you receive every month, never a number supplied in the email itself. Also call your manager and/or company owner to confirm.
  - Proceed only once you have completed steps one and two and kept a record (who you called, when, and what was confirmed) as proof of your due diligence.
- CSAI Training – Your work is never done. On-going training and refresher courses on preventative techniques against phishing and other cyber-attacks must be part of your new security by design approach to email and computer security.
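As an added example (not TNTMAX's own code or tooling), the following Python script applies the Mismatched URL and Wrong/Misleading Domain checks above mechanically to a handful of constructed email links: it pulls the real hostname out of the link target, reads it right to left to find the registered domain, and compares that with both the domain the visible link text claims and a short trusted list. The trusted list, the small set of two-label country suffixes, and all sample links are assumptions made for this example.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Registered domains this reader trusts (assumed list for this example).
TRUSTED_DOMAINS = {"tntmax.com", "verizon.com"}

# Country-code TLDs that put the registration one level deeper. Assumed
# subset; production code should use the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "com.cn"}

HOST_IN_TEXT = re.compile(r"(?:https?://)?(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def registrable_domain(host: str) -> str:
    """Read the hostname right to left and return the part that was registered.

    That is the public suffix (".com", or a two-label suffix such as ".co.uk")
    plus the one label to its left. Everything further left is a subdomain the
    registrant chose, so 'tntmax.protecturself.com' belongs to protecturself.com.
    """
    labels = host.lower().rstrip(".").split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return host.lower()
    return ".".join(labels[-(suffix_len + 1):])


def hostname_of(url: str) -> Optional[str]:
    """Hostname the browser would really connect to for this link target.

    urlparse drops a fake 'user@' prefix, so 'https://tntmax.com@evil.example/'
    resolves to evil.example, which is exactly the trick a reader's eye misses.
    """
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname


def hostname_in_text(text: str) -> Optional[str]:
    """Hostname the visible link text claims, if the text looks like a URL."""
    match = HOST_IN_TEXT.search(text)
    return hostname_of(match.group(0)) if match else None


def check_link(display_text: str, href: str) -> dict:
    """Apply the Mismatched URL and Misleading Domain checks to one email link."""
    actual_host = hostname_of(href)
    shown_host = hostname_in_text(display_text)
    actual_domain = registrable_domain(actual_host) if actual_host else None
    shown_domain = registrable_domain(shown_host) if shown_host else None
    findings = []
    if shown_domain and actual_domain and shown_domain != actual_domain:
        findings.append(
            f"mismatched URL: text shows {shown_domain}, link really goes to {actual_domain}"
        )
    if actual_domain is None:
        findings.append("no hostname in link target")
    elif actual_domain not in TRUSTED_DOMAINS:
        findings.append(f"untrusted domain: {actual_domain}")
    return {"actual_domain": actual_domain, "findings": findings, "safe_to_click": not findings}


# Constructed sample links (visible text, real href) as they might appear in an email.
SAMPLE_LINKS = [
    ("https://tntmax.com/portal", "https://tntmax.com/portal"),
    ("Reset your password", "https://protecturself.tntmax.com/reset"),
    ("https://tntmax.com/reset", "http://tntmax.protecturself.com/reset"),
    ("verizon.com", "https://verizon.com@evil-login.co.uk/"),
    ("https://tntmax.com", "https://tntmax.com.evil-login.com/"),
]

if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        result = check_link(text, href)
        verdict = "OK" if result["safe_to_click"] else "DO NOT CLICK"
        print(f"{verdict:12} {href}")
        for finding in result["findings"]:
            print(f"             - {finding}")
```

The first two sample links pass because tntmax.com is the registered domain in both, even though the second lives on a subdomain. The last three fail: a trusted name placed in the third-level position, a trusted name hidden in a fake user@ prefix, and a trusted name used as a subdomain of a look-alike site. Hovering over the link in your mail client gives you the same href this script reads.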
The fact that you read this entire post is proof you are actively looking to improve your security awareness, and TNTMAX gives you a virtual pat on the back toward your CSAI – Phishing Awareness! Keep up the good work; you are on the right path. Come back to our blog for more material to help you increase your CSAI knowledge.
President of TNTMAX