One of the easiest methods of infiltrating even the most security-driven companies is the classic phishing email. Phishing emails are designed to take advantage of easily exploitable employees who fall for common social engineering tactics: free offers, promos, and scareware.
When something is too good to be true, go with your instincts – it’s most likely bad. A great tactic that is commonly forgotten is asking for help: if you don’t know something or fear that you have been phished, report the incident. The worst thing that can happen is that the incident is contained and infrastructure improvements can be made to ensure it doesn’t happen again. The best-case scenario shows that employees are paying attention and applying their security awareness training in a practical environment.
The greatest disservice is to fall for a phishing campaign and not report it. Accidents happen, and people make mistakes – your IT Security and Help Desk teams will be far more grateful for a reported incident than if you purposely distance yourself from the event.
Some advice you can take to the bank:
- Look at the sender name and email; if it appears to be odd, it’s because it is.
- Hover your mouse over links in emails and make sure the destination URL matches the intention stated in the subject line of the email.
- Copy the sender’s email address and look it up in the employee directory; if it doesn’t match, report it.
We can only be as strong as our weakest link, and unfortunately, phishing emails laced with malware are the most common threat vectors seen today. Contact our Security Solutions Team so we can work with you to aid in preventative and proactive measures.
We must be vigilant, we must be ready, and most of all, we must be educated!
Adam Zimmerman, Security Solutions Architect
With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is helping organizations build strong security practices and prepare for potential attacks.
Adam holds a Master’s in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa. Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.
Adam currently serves in the Canadian Armed Forces as a Second Lieutenant, where he holds a command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto, specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.