Cyber Security Best Practices For Preventing Phishing Attacks

Possibly the greatest cyber security threat today is phishing attacks. In fact, there is a new phishing scam that targets US job seekers with a lucrative job offer supposedly from the US government. But when the unlucky rubes open the attachments, they contain an exploit for a mass-exploited remote code execution flaw in Microsoft Office.

How To Identify A Phishing Email

It can be difficult to separate legitimate emails from spam these days. Cyber criminals get trickier all the time, but there are a few giveaways you can look for.

  1. Inspect the header. 

A legitimate organization almost always sends emails from email addresses containing the company’s domain name after the “@” symbol, like [email protected]. You must own the domain name or have an authorized person from the organization create one for you to get an email with the domain, so if it is there it is probably legitimate.

Read carefully, though! Often spammers will mimic legitimate domains with small, easy-to-miss differences, such as rawenii.com, or add extra words, like ravenii-online.com. If either of these things is true, do not open any attachments or respond to the email.

If you receive an email that claims to be from a legitimate organization but the sender’s domain is unknown or from a public email service like Google, Yahoo, or Hotmail, that’s spam. Another surefire tell is when the sender’s name doesn’t match the name in the email address. 

If there are no red flags on the sender, check the Bcc field. If your email address is there instead of in front of “To:” or “Send To:” it is likely spam. Legitimate organizations do not send blind copies of requests to do things like verify your credentials or transactions.

  2. Check embedded links.

DO NOT CLICK. Spammers often use embedded links that say one thing but really take you somewhere you don’t want to go. To see where a link actually goes, hover over it with your cursor. If the URL that pops up isn’t the same as the linked text, don’t click it. If a link uses a shortened URL like TinyURL or bit.ly, you can use the website getlinkinfo.com to see the expanded URL.

  3. Look at spelling, grammar, and language style.

Typos happen to everyone, but a legitimate organization will seldom put out emails with a ton of spelling and grammatical errors. Language that is overly urgent, pushy, or sounds fishy is another red flag. Scammers often pressure you to act by mentioning problems with important accounts or strict deadlines for response.
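The header and link checks from steps 1 and 2 can be automated as a first-pass triage. The following is an added example, not RAVENii's code: the trusted domain, the provider and shortener lists, the flag names, the recipient address, and the sample message are all assumptions constructed for illustration.

```python
import email.utils
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "ravenii.com"  # assumed: the domain the message claims to come from
PUBLIC = {"gmail.com", "yahoo.com", "hotmail.com"}
SHORTENERS = {"tinyurl.com", "bit.ly"}
SAMPLE = (  # constructed message, not a real capture
    'From: "RAVENii Support" <support@rawenii.com>\nTo: undisclosed-recipients:;\n\n'
    '<a href="http://rawenii.com/login">https://ravenii.com/login</a>\n'
    '<a href="https://bit.ly/EXAMPLE">Details</a>\n')

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw, recipient):
    msg = email.message_from_string(raw)
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain in PUBLIC:
        flags.append("public-mail-sender")
    elif domain != TRUSTED and (TRUSTED.split(".")[0] in domain or
            SequenceMatcher(None, domain, TRUSTED).ratio() > 0.8):
        flags.append("lookalike-domain")  # rawenii.com, ravenii-online.com
    if recipient.lower() not in (msg.get("To", "") + msg.get("Cc", "")).lower():
        flags.append("recipient-not-in-to")  # delivered as a blind copy
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        t = text.strip()
        if host(href) in SHORTENERS:
            flags.append("shortened-link")  # expand before trusting
        elif "." in t and " " not in t and host(t) != host(href):
            flags.append("link-text-mismatch")  # text shows one site, href another
    return flags
```

A message that raises no flags is not thereby proven legitimate; the checks only surface the giveaways listed above for a human to review.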

Cyber Security Depends On Your People

Your employees represent your business in all areas of data supervision, handling your sensitive client information, and keeping your proprietary business intelligence safe. If your employees practice poor data management behaviors, it could cause a significant and costly security breach for your business. It is imperative that your employees understand that they are all targets and susceptible to an attack. 

RAVENii’s Managed Security Training & Phishing Testing program is designed to help your business mitigate the number of security breaches caused by human error. 

Our goal is to change human risk behaviors and create an enhanced secure organizational culture. Our team will create effective security training and phishing testing campaigns for your employees to teach them the risks they should avoid and the steps they should take if they encounter a nefarious situation.

RAVENii’s Managed Security Training and Phishing Testing

Our program empowers your employees to handle your company information securely and follow your information security policies and processes. This is critical because the less they are prone to costly security incidents, the less likely they will give hackers an open invitation to your network.

RAVENii’s Managed Security Training and Phishing Testing platform will educate your employees on what cyber threats to look for and provide training on how to avoid them. This service follows best practices for educating your human firewall on how to treat your sensitive data and be security-aware. Management of your Security Awareness Training will include: 

  • Ongoing security awareness training & testing to ensure the Customer’s employees understand and exhibit the necessary behaviors and skills to help protect the security of the organization. 
  • Coordination with Customer’s Security & Compliance Teams to ensure training meets the Customer’s business requirements. 
  • Training to all employees and members on how to utilize secure authentication, how to identify social engineering attacks, how to identify and properly manage sensitive data, how to identify causes for unintentional data loss, how to identify the most common indicators of an incident, etc. 
  • Remediation plans for repeat offenders. 
  • Campaign and status reports. 

The managed Security Awareness Training also includes: 

  • Initial Onboarding 
  • New Hire Onboarding 
  • User Management & Support 
  • Phishing Campaigns (up to 12 per year) 
  • Full access to content library, including Compliance training modules

Cyber Security You Can Count On

It is absolutely imperative to be proactive with your cyber security strategy. Response-only is not a strategy; it is a numbers game with extremely bad odds. By monitoring the entirety of the IT environment, RAVENii moves beyond the sphere of security breaches, providing the most comprehensive discovery, analysis, and mitigation of threats associated with an organization’s presence. Our platform combines advanced analytics to assist in understanding attacks, assessing risks, and acting against digital threats.

For more information about cyber security services from RAVENii, click here or call (844) 317-0944 today.
