Office 365 – How to identify phishing emails – a checklist

Phishing is a fraudulent attempt to trick individuals into sharing personal and sensitive information. The attempt typically involves a crafted email with hyperlinks to a website intentionally created to collect information from unsuspecting victims.

Are you up to the task of defending yourself and your organization against these attacks? Here are tips on what to watch for and how to respond.

  • Look but don’t click - Always be careful before clicking on any content in an email, including links and attachments.

  • In some cases a single click is all that is required for your machine to be compromised.

  • A favorite phishing tactic among cybercriminals is to spoof the display name of an email.

  • Take note of any irregularities in the sender. Double check the domain name, recipient list, subject line, message, etc.

  • Inspect the destination of a hyperlink. You can do this by hovering over the link with your mouse or a long-press on a mobile device. When you hover over a link, you can preview the destination.

  • Imposter senders - If the purported sender is someone you know, contact him or her directly to verify if he or she sent the email. Contact this person through a method other than email. If his or her email account has been compromised, an imposter can simply reply in the affirmative to any email response you send.

  • Review the signature - Lack of details about the signer or how you can contact a company strongly suggests a phish.

  • Forward a copy of the email to your organization’s security team or IT help desk so they can help assess and respond to the situation.

Phishing - Did you Know

You can arm yourself with tools such as multi-factor authentication. Multi-factor authentication on Office 365 accounts makes it harder for an attacker to access your account, but it doesn’t prevent them from using that password to access other accounts where the same password may be used.

The best defense against phishing is educating your employees, who form the final protection layer in a holistic defense strategy. Technology exists for, and is used by, people, so people must be included in the defense chain. This underscores the need today for a completely holistic approach to cybersecurity, one that works across a number of different platforms and does not rely only on IT support and technology applications.

Phishing emails are evolving – is your business? Contact JecTech, your solutions architect, and get more information on the options at your fingertips.