Opening a phishing email is like receiving a mosquito bite. Your deeply protective primal mind somehow misses the intrusion, and only after you feel the first twinges of an itch does your modern logical mind slam the identification and consequences into your consciousness. Too late. Your body is now tasked with combating the irritation and potentially mortal consequences.
Make no mistake, both mosquito bites and emails can be deadly. When a hospital loses its electronic nervous system through ransomware, it has absolutely placed its patients in harm’s way.
There are many things your technology staff should be doing to inoculate you from this danger, but in the end, they are relying on you to keep your system safe.
Here are some simple steps you can take to do your part to combat phishing:
1st – Look at your email for anomalies.
– Visually scan the email and put it into context. Would this person/company approach you in the way the email reads?
– Are the grammar and word usage in context?
– Look at the From address: do both sides of the @ make sense?
– If it seems at all “wrong”, even without a direct reason, close out of the email and report it to IT.
2nd – Hover, don’t click.
– As you hover over a link, the link address will appear at the bottom of your browser.
– Ask yourself whether the address (between http:// and the next /) matches the context of the email and action.
– When in doubt, open a new window and type in the website address directly rather than clicking on the link from unsolicited emails.
3rd – Never click on an attachment with a file type of: .zip, .com, .exe, .pif, and any type you are not familiar with.
– Attachments are bad. You need to assure yourself everything is, without a single doubt, correct before clicking on an attachment.
– To open a file with these types, you need 100% verification from the sender that they sent you an email and attachment. As in, while on the phone with the sender, “OK, send me the email now”, “Got it, thanks” kind of verification.
– If anything you click on within your email gives you the below message (or something similar), the answer is NO. Contact your technology group and ask them to give you direction.
4th – Doing nothing is a good answer.
– Ask yourself if taking a chance is worth the very existence of your company.
– Report your suspicion to your IT staff. Tell them you will not touch the email until they approve.
– Don’t forward the email to the sender asking if it is a valid email – your coworker is as apt to make the same mistake as you. Either send them a fresh email, or give them a call.
As with mosquitoes, some harmful emails will get through even the best planned defensive technology. By the time you open your email, the only defense left is your situational awareness and vigilance. Be suspicious and immediately report anything that does not “feel” right.
– Gary Merry, CEO