Most cyberattacks originate in your email through phishing attacks because attackers take advantage of human error. Therefore, we will help you choose a service designed to reduce spam and your exposure to attacks on your staff via email. Furthermore, we can also recommend training and education to help your staff spot phishing emails to alleviate the risk of human vulnerability.
What is phishing?
Phishing is sending a deceptive email that prompts the recipient to give up something valuable, for example by sending money, clicking on a malicious link or giving up company data.
Phishing emails or texts can be convincing, which is why they are so effective. Over the past few years, phishing attempts have become more frequent and more sophisticated, and if your workforce fails to spot the red flags of a phishing email, your company data will be at risk.
How to spot a spam email
Here are some easy things to look out for when you receive an email. Ask yourself these questions.
- Do I recognise the sender’s email address?
- Is the sender outside of my organisation and not related to my job responsibilities?
- Is this email from someone I recognise but is unusual or out of character?
- Does the email sender have a suspicious domain?
- Can anyone vouch for this sender if I do not personally know them?
- Do I have a business relationship with this person or any past communications?
- Is this email unexpected or unusual with an embedded hyperlink or attachment from someone I have not communicated with recently?
- Am I cc’d into an email with other people I do not know?
- Are the other people in this email an unusual group from the office that wouldn’t regularly be in an email together?
- If I hover over a hyperlink, is the link the same as the displayed address?
- Have I received an email with a long hyperlink and no other information?
- Are there any misspellings in the hyperlink?
- Was this email sent during regular business hours?
- Is the email subject relevant to the email content?
- Is the email replying to something I never requested?
- Does the email have an attachment that I wasn’t expecting or an attachment that makes no sense?
- Is the attachment a potentially dangerous file type? The only file type that is always safe is a .txt file.
- Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or gain some value?
- Does the email have bad spelling or grammar?
- Is the sender asking me to click on a link or open an attachment that seems odd or illogical?
- Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
- Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?
How to prevent spam email
Microsoft filters your emails to prevent spam. We can configure your spam recognition on a scale. For example, a more restrictive filter catches more suspicious emails; however, this can cause some of your necessary emails to go into the spam folder. Our engineers can turn this setting up or down to get the right balance of security for you.
Furthermore, you can upgrade the default Microsoft virus filter to Microsoft Defender for Office 365, which will catch more spam that contains viruses. Microsoft Defender deletes the virus-infested email before it gets to your spam filter.
If Microsoft Defender is too expensive, you can opt for third-party virus protection for Microsoft 365. For example, Bitdefender Cloud Security for Office 365 is a great tool that scores at the top of the class for catching virus infections.
To help Microsoft recognise spam better, you can mark emails as junk or not junk. This helps make the Microsoft filter more accurate for everyone.
Phishing email education
Another way you can prevent spam emails and phishing from affecting your business is to educate your staff and take out the human vulnerability factor.
Educate your staff with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters. However, training alone cannot give you peace of mind that your staff can spot a spam email; you need to test them.
Our partner KnowBe4 allows you to send your staff mock phishing emails that test their knowledge and awareness. If they report the email as spam using the Phish Alert Button, they pass the test, and if they click on a link, you can assign them more training. This method provides a baseline of data and a Phish-Prone percentage which you can improve over time.