Which One Is Easier To Spot, A Phishing Email Or A Legit Email?


As part of building a solid and safer security stack in today’s landscape of constant ransomware and cybersecurity attacks, we need to build more restrictive security strategies and policies.

To that end, we recommend changing your email strategy by considering all emails as phishing attempts. The advantage: you will never click on any link in any email if you consider it a phishing attempt.

At first, this strategy could sound a bit impractical and make email a less efficient tool for communication. This could be true unless we learn and master the ways to identify legit emails!

Think about it: how many of the emails you received today are really legit emails? I bet the number of spam and phishing emails that ended up in your inbox and spam folder is far greater!

Phishing emails are growing in number and getting more deceptive and more complex! Learning to spot phishing emails and keeping up with their evolution is a huge task that most people are not interested in or do not have time for. Besides, that is not your job: it is time-consuming and in many cases requires special skills to spot phishing emails.

On the other hand, learning to identify legit emails seems much easier and safer because they are easier to recognize and, more importantly, they are not evolving to become more complex in form and content.

Let the email security experts worry about catching phishing emails and building tools to filter these emails as much as possible, while you focus only on important emails sent from people you know or want to know.


How to identify legit emails?

Legit emails are sent from known senders that also have known and familiar subject lines, content structure, grammar, wording, spelling, logos and graphics.

Legit emails are emails that you recognize not only by looking at the sender’s email address but also by the subject, content structure, grammar, wording, spelling, logos and graphics matching the sender’s style of emailing. Any deviation from what you know and are familiar with about the sender should alarm you, and you should consider the email a potential phishing attempt.

Let’s look at two simple scenarios. Let’s say you just received a new email from Bob, with whom you are emailing back and forth. Because his address is one of the email addresses you know, you open the email to validate it and see if it is a legit email. When you go through the email and read its subject and content, you might discover:

Scenario 1: It has a known and familiar subject line, structure, grammar, spelling, and wording that match Bob’s email style, with no new or odd links, attachments, logos or graphics. This email is most probably a legit email from Bob.

Scenario 2: You see a somewhat different subject line that is out of scope of your communication with Bob, or a different structure, grammar, spelling, or wording that seems unusual and is not a common style for emails received from Bob. The probability that this email is a phishing attempt is very high, and this email should be considered a phishing email until it is fully validated. You decide to call Bob and validate this email before taking any action or clicking on any links or attachments.

Whether or not you decide to add this strategy to your company’s security playbook and apply it, remember to use spam filtering and email protection tools that use ML (Machine Learning) and AI (Artificial Intelligence) to filter most of these phishing and spam emails. Obviously, this strategy may be applied on top of deployed filtering tools, not only in environments receiving a huge number of phishing attempts and spam emails but also in environments with higher and tougher security requirements and policies.

Learn more about how to identify a legitimate email here:

Tips On How To Distinguish Between a Phishing Email From a Legitimate Email?

Email security is just one of the security layers that address vulnerabilities by deploying employee security awareness, and the right tools, strategies and policies. Remember, you cannot fix vulnerabilities in your business if you don’t know what they are!