We have prepared a free memo for you, which you can use to teach employees the basic rules for recognizing phishing emails.
You can adapt it for your organization, add it to your briefings and presentations, and distribute it freely.
Letters should be considered suspicious if they contain:
- Several mistakes and typos in the text of the letter;
- Links in the form of numbers. Example: 117.24.232.27
- Links containing the symbol "@"; Example: https://bank.com@evil.online
- Links with two or more addresses. Example: https://bank.com/cms/rd.php?go=https://bitly.com/bank
- There is "www" at the beginning of the site address, but it is not followed by a dot, or it is followed by a dash. Example: wwwbank.com or www-bank.com
- There is "HTTP" or "HTTPS" at the beginning of the site address, but there is no "://". Example: httpsbank.com
- When there are several dots in the site address, look at the right-hand end of the address, just before the first "/" character: that is the real site. If it is not familiar to you, the link is suspicious. Example: www.bank.com.evil.online/login?id=12/aa/bank.com
- The link looks different when you hover the mouse pointer over it. Example: the text of the email says online.com, but when you hover your mouse over it, oniine.com appears in the bottom corner of the browser.
- The attacker can replace the letter "o" with the number "0", the small Latin letter L "l" with a capital letter i "I", "b" with "d", etc. Example: 0nIine.dank.com instead of online.bank.com
- The link may not be clickable, but it may contain spoofed characters. The intruder hopes that you will copy the link and paste it into your browser. Example: the link online.com is mentioned in the email, you copy and paste it into your browser, but it turns out to be oniine.com
- Just because a link starts with https:// doesn't mean it's safe;
- The letters in the text are partially substituted. Example: HeIIo. |-|ow are you d0ing?
- Corporate letters with missing additional contacts (name, title, phone number, mailing address);
- The design differs from the corporate style that is normally used. Example: no logo, different size, or font style.
- The email address in the "sender" field could be forged, or a sender you know could have been hacked.
- Any email with attachments should be considered suspicious by default. This does not mean that you have to send it to the security service right away. It is just that attachments are what most often infect computers, and no anti-virus guarantees complete protection. If you were not expecting an email with this attachment and/or there are other signs in the email, follow the instructions below.
What to do if you receive a suspicious letter:
So, you have determined that the letter is suspicious. What should you do next?
- Confirm that the letter was really sent: in person, over the phone, via messenger, or through other communication channels in your organization;
- Take the contact information not from the letter but from other sources: your address book, a business card, colleagues, official sites, the corporate telephone directory;
- Or immediately forward the letter to the security service.
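For security teams that want to pre-screen reported links, the link signs from the list above can be checked automatically. This is an added example, not part of the original memo; the `KNOWN_SITES` allowlist, the function names and the warning texts are assumptions, and the sample links are the memo's own examples.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed allowlist: sites the organization's staff really use (assumption).
KNOWN_SITES = {"bank.com"}

def _split(url):
    # Links in emails often lack a scheme; "//" makes urlsplit parse the host anyway.
    has_scheme = re.match(r"[a-z][a-z0-9+.\-]*://", url, re.I)
    return urlsplit(url if has_scheme else "//" + url)

def link_warnings(url, shown_text=None):
    """Return the memo's warning signs that apply to one link."""
    parts = _split(url.strip())
    host = (parts.hostname or "").lower()
    signs = []
    try:
        ipaddress.ip_address(host)
        is_ip = True
        signs.append("address is numbers (an IP address)")
    except ValueError:
        is_ip = False
    if "@" in parts.netloc:
        signs.append('"@" in the link: the real site is what follows it')
    if re.search(r"https?://", unquote(parts.path + "?" + parts.query), re.I):
        signs.append("a second address is embedded in the link")
    if re.match(r"www[^.]", host):
        signs.append('"www" is not followed by a dot')
    if host.startswith("http"):
        signs.append('site name starts with "http" (no "://")')
    # Right-most two labels before the first "/" (naive: ignores suffixes like co.uk).
    site = ".".join(host.split(".")[-2:])
    if not is_ip and site not in KNOWN_SITES:
        signs.append(f"unfamiliar site: {site}")
    if shown_text and (_split(shown_text.strip()).hostname or "").lower() != host:
        signs.append("text shown in the email differs from the real link")
    return signs

if __name__ == "__main__":
    for sample in ["117.24.232.27", "https://bank.com@evil.online",
                   "https://bank.com/cms/rd.php?go=https://bitly.com/bank",
                   "www-bank.com", "httpsbank.com",
                   "www.bank.com.evil.online/login?id=12/aa/bank.com"]:
        print(sample, "->", link_warnings(sample))
```

An empty result means none of these signs matched, not that the link is safe; the other signs in the memo still apply.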