Although email phishing scams have been around since the inception of the internet, today’s scams are not only prevalent but also sophisticated. One of the top reasons why these scams have become common is because they are largely successful. In fact, according to the official statistics published by the Canadian government, the success rates are quite alarming.
The government reports that at least 156 million phishing emails are sent daily. At least 16 million emails make it through the filters which translate to a 10.2% delivery success rate. Out of the 16 million emails that are successfully delivered, approximately 8 million emails are opened translating to 50% success rate. Phishing scams usually work by tricking internet users into clicking on an attachment or link that either infects their computer with malware or redirects them to a page that looks 100% legit but it isn’t, and it is designed to steal your private information.
Since all of us are prone to encounter phishing and other malicious email activity at some point, it is good to implement a strong operational information systems security culture and a habit of critically evaluating every email before you open it to avoid email phishing scams. Here are some of email best practices that can safeguard you against phishing attempts.
Always Think Twice Before Clicking
At the center of every successful phishing attempt is the sender of the email and a naïve user who never took time to think twice before opening the email or downloading the attachments. People who send these emails are smart email marketers, and if you are not a critical thinker, you can easily get engaged with the email content and perform every action that the send directs to perform. That is why experts recommend that you listen to your gut before opening an email that you suspect isn’t genuine. When something feels wrong, probably it is. Since the primary goal of phishing is to persuade you to do something fishy without raising suspicion, you need to practice the highest level of skepticism even when everything seems right.
Validate the Sender’s Domain
Always ensure that the sender’s email domain is valid for the organization attempting to contact you. The number one rule that you should never forget is that don’t open business emails that have been sent from personal email accounts. Today, almost all organizations utilize support accounts or specific representatives known to their clients as authorized senders of their business emails.
Since new email phishing scams are developed every day, the only way you can stay on top of the game is to be aware of all the new phishing techniques. If you are informed, you will less likely fall prey to the scams. Online security experts in organizations should conduct ongoing security awareness training and simulate the latest phishing scams to keep security top of mind throughout the organization. If you receive any suspicious email, be sure to share it with the security experts and co-workers before you click on it.
Never Enter Sensitive Information in a Pop up Window
Pop-up windows are another unsuspecting tool that is used by phishers to collect private information. An essential tactic to help prevent phishing attacks is to avoid entering any sensitive information into a pop-up window except at sites that you are 100% sure that they are legit.
Don’t Be Shy to Contact the Sender
Personal and sensitive information is never to be given out in an email, and most organizations won’t ask for it. If you ever receive an email from an individual or organization requesting your personal or financial information that appears to be legit, don’t be afraid to call the sender of the email to confirm that the request is authentic.