Copy
Hone your phish detection skills.
View this email in your browser
<<First Name>>, today you’re going to put your sleuthing skills to use, and uncover the clues that point toward imposter emails and websites, seeking to dupe you into giving up your information.

Before getting into spotting imposters, though, it’s important to set some ground rules for how you engage with emails from unknown and unsolicited sources.
 

If the email is unsolicited or from an unknown sender:

  1. Don't click links
  2. Don’t download files
  3. Don’t share your personal information
Clicking links or downloading files from these emails could infect your computer with malware, or try to phish information from you. Rule number 3 is special though: 

Legitimate services will never ask you for personal information over email. Security questions like “What is the name of the street you grew up on?” exist specifically so that services can identify you as the account-holder without asking for your username and password. 

Get an email from the bank saying you have unauthorized activity on your account? Don't click the links in that email! Instead, type in your bank's website yourself, log in, and see if they actually have notifications for you there. Attackers prey on your emotion—they want to cloud your judgement by making you think something is at stake, using tactics like:
  • Accusations of being overdue
  • Informing you that something is at risk
  • Requiring urgent fast response
In 2016, Atlantic Health Systems used Duo Security’s phishing simulator to test its employees—2/3s of those who opened the email gave up their login details and followed all the malicious directions given. [Tweet this!]
Thankfully, most phishing emails and scam websites can be spotted using visual clues alone. 
  • Look at the wording
  • Look at the sender (or the URL, if you think you might be on an scam website)
  • Look at the images/logos

Here is an egregiously bad phishing mail, purportedly from Google, which violates all of those rules.
To test your skills, take this short Bulletproof Security Phishing Quiz, which pits you against 10 website screenshots to sniff out which ones are authentic, and which are impostors looking to phish your information. 


Bulletproof Security Phishing Quiz

 

Now it’s your turn:

You pick back up in two days, to grab some patching and update habits which will keep your app security airtight.

Talk to you then!

Dan & Garrett


 
Copyright © 2022 Newmind Group, Inc., All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list