This is part of a phishing awareness campaign partnership between Abacus and Proofpoint, one of our valued cybersecurity solutions partners.
Cybercriminals utilize social engineering techniques, some basic and some very sophisticated, to manipulate human emotions and trigger a response. It can feel overwhelming sometimes given that we, as the targets, need to be right all the time while the attackers only need to be right once. But the good news is that small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home.
Here are three simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails:
We receive so many emails that we’ve conditioned ourselves to skim messages and make quick decisions. But when we do this, we take unnecessary risks. That’s because there can be clues both on the surface and just below the surface of the message that can alert us to things that aren’t right. For example:
After you read an email, take a moment to digest it. What you want to do is give yourself the space to act thoughtfully, rather than just reacting in the moment. To help get yourself out of the habit of skimming and reacting, consider asking yourself a few quick questions about any email that requests a response or action that could compromise sensitive data, devices, or systems. For example:
It’s critical to remember that, with phishing scams, things are never what they seem. The reality is that a message can look and even sound legitimate but still set off a warning bell. For example, an email that comes from a corporate IT address and tells you to download new security software can seem trustworthy; it appears real and is on topic. But would that really be the process your IT department would follow?
If reading and thinking don’t get you to 100% confidence, you must take extra steps to verify that you are dealing with a legitimate request before you click a link, download a file, or reply with sensitive data. Here are some easy ways to confirm that the information presented in an email is legitimate:
It takes just a minute to confirm a questionable message, whether it comes from a coworker, internal department, financial institution, or other source. In contrast, it can take days or weeks (or even longer) to remedy the consequences of interacting with a phishing or ransomware email. And sometimes you can’t ever remedy the consequences.