Identify phishing messages
Knowing the elements of a phishing message will help you avoid falling victim to one. Here are some warning signs to watch out for:
- spelling and grammatical errors, and style variations
- phony URLs (e.g. a misspelled company or domain name, additional characters added to a domain name, a URL that doesn’t match the company the email purports to be from)
- generic greeting lines (e.g. “Greetings”)
- promise of fortune or other financial gain (e.g. inheritance)
- money requests, including the purchase of gift cards
  - Tip: if you receive a message like this from a colleague, call them on the phone before you take any action
- threats or claims to have information about you which you can only obtain by clicking a link
- email attachments you are not expecting or from an account you don’t know
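The phony-URL signs in the list above can also be checked automatically, for example by a mail filter. The sketch below is an added example, not part of the original article; the allow-list (example.com), the sample links and the function names are constructed for illustration, and treating the last two labels of a host name as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allow-list for a hypothetical organization (assumption, not from the article).
TRUSTED_DOMAINS = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def link_warnings(url, sender_domain, trusted=TRUSTED_DOMAINS):
    """Return the phony-URL warning signs that apply to one link in a message."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no host name in URL"]
    # Sign: the URL doesn't match the company the email purports to be from.
    warnings = [] if under(host, sender_domain.lower()) else ["link domain does not match sender"]
    if any(under(host, t) for t in trusted):
        return warnings  # genuinely one of the trusted domains
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for t in sorted(trusted):
        brand = t.split(".")[0]
        if 0 < edit_distance(registered, t) <= 2:
            warnings.append(f"misspelling of {t}")  # sign: misspelled domain name
        elif brand in host:
            warnings.append(f"extra characters around {brand}")  # sign: added characters
    return warnings

# Constructed sample links from a message that claims to come from example.com.
SAMPLES = [
    "https://portal.example.com/login",
    "https://examp1e.com/login",
    "https://example.com.account-verify.net/login",
    "https://example-support.com/reset",
    "https://files.partner.org/invoice.pdf",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", link_warnings(url, "example.com") or ["no warning signs"])
```

A link with no warnings here is not proven safe; the check only covers the URL signs listed above.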
Ways to protect yourself
Only click on links or open attachments you’re expecting
Cyber threat agents are becoming more sophisticated and are employing tactics such as impersonating a colleague at your company. Always check who an email is coming from and don’t open any links or attachments you’re not expecting.
Use another mode of communication
If you receive a request, link or attachment from a colleague, client or contact you’re not expecting, call them on the phone to verify the request is legitimate.
Browse securely with HTTPS
When connecting to websites that require you to input sensitive information or login credentials, check your browser to ensure there is a lock icon to the left of the URL. The lock icon signals that the connection to the site is encrypted using HTTPS. It does not confirm that the site belongs to the company it claims to be, so check the domain name as well.
Employ Multi-factor Authentication
Multi-factor Authentication (MFA) requires users to provide two or more verification factors to gain access to a resource, such as an application or online account. It’s an industry-standard security protocol that helps ensure threat actors can’t gain access to sensitive data. The best practice is to authenticate user access every 24 hours.
Be wary of public Wi-Fi networks
Though Wi-Fi is widely available and convenient for connecting to the web when you’re on the go, it can also make you susceptible to phishing. To help protect your data when connecting to a public Wi-Fi network, follow these steps:
- confirm the hotspot name is legitimate: only connect to networks whose names are posted (e.g. a library will have Wi-Fi connection instructions). If you’re not sure if a network is legitimate, ask an employee of the establishment you’re at
- enable your firewall before connecting to public Wi-Fi and avoid sending sensitive documents
- if you must send sensitive information, do it through a VPN
Collectively and individually, we should continually improve our cybersecurity awareness and enhance controls to combat growing threats. To learn more about how to protect your data, reach out to our cybersecurity leader, Peter Morin.