7 Things You Should Teach in Training

In the past, hackers targeted consumers in their phishing attacks, which is why companies' first priority was to protect their consumers from malware. Today, however, phishing is considered the biggest cyber attack for companies and is responsible for almost 100% of security vulnerabilities. Since cyber security measures are not at a level that can prevent all phishing attacks, your employees need training on what to watch for to protect themselves. Phishing attacks are getting more complex day by day. Although there are dozens of methods that can be used, hackers usually prefer a handful of them. In this article, we will talk about 7 things you should teach in training.

7 Things You Should Teach in Training: What is Phishing?


1. Attacks are becoming more targeted and personal

2. Phishing emails may contain brand logos and images

3. Hackers use more complex phishing emails

4. Threatening or tempting texts

Aggressively written emails or messages that prompt you to take immediate action are usually a trap. Emails written in this way aim to steal your personal information by scaring you. Some spear phishing attacks send you emails that appear to come from a co-worker to instill fear of the consequences you may face at work. Emails from your CEO urgently requesting a gift card or bank transfer are the best examples of spear phishing. Such an email from your superior will cause a sense of panic, and you will feel the need to reply as soon as possible without thinking about it.

5. Email addresses can be deceptive

  • Cousin domain name

The cousin domain looks almost identical to the original domain name, but hackers make a small change to trick you. They may try to scam you by using facebook.co instead of facebook.com. Hackers may also use extensions like facebook-support.org or facebook-logins.net to trick you. There is also an increase in the use of long and confusing subdomains such as facebook.accounts@facebook.it.support.org.

  • Display name spoofing

In display name spoofing, hackers use a well-known brand's email address as the sender's display name. However, there is a random address under that display name. Display name spoofing is more difficult to spot when you log into your email from a mobile device, because the sender's email address is usually hidden there. Hackers continue to use this method, relying on the fact that most mobile device users don't look up the sender's name.
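The two sender tricks above can also be checked automatically by a mail filter or a triage script. The following is an added example, not code from the original article or from any product it mentions: the `TRUSTED` allowlist, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand -> domains the organisation accepts as genuine (constructed list).
TRUSTED = {"facebook": {"facebook.com"}}

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the red flags found in a raw From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, good in TRUSTED.items():
        if domain in good or any(domain.endswith("." + g) for g in good):
            continue  # really sent from the brand's own domain or a subdomain of it
        if brand in display.lower():
            # Brand shown to the reader, but the real address is somewhere else.
            flags.append("display-name-spoof")
        if brand in domain or any(edit_distance(domain, g) <= 2 for g in good):
            # Brand embedded in another domain, or a near-miss spelling of it.
            flags.append("cousin-domain")
    return flags

if __name__ == "__main__":
    # Constructed sample headers, including the cousin domains named in the text.
    samples = [
        "Facebook <notify@mail.facebook.com>",
        "Facebook Security <x7q@mail-relay.example>",
        "Support <help@facebook-support.org>",
        "login@facebook.co",
        "facebook.accounts@facebook.it.support.org",
        "Alerts <alerts@faceb00k.com>",
    ]
    for header in samples:
        print(f"{header!r:50} -> {check_sender(header) or 'no flags'}")
```

Because the check reads the address behind the display name, it catches the case that mobile mail clients hide from the reader.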

6. Links are usually fake

Your employees should make sure that the source of the URL is reliable. They should be extra wary of URLs ending in an alternative domain other than .com or .org. Additionally, hackers can try to bypass email filters and trick you by making use of URL shortening websites like Bitly. If you suspect such a situation, you can use our Incident Response tool to report the suspicious email. With our tool you can send the email to us with just one click. We will analyze the email's sender, links and attachments carefully.

7. Attachments may contain phishing links

7 Things You Should Teach in Training: What to Do When Your Employees Receive A Phishing Email?


Phishing attacks can take a lot of time and may also cost your company a lot. Just one click can compromise all your data; so it is crucial that all employees work as a team. Our Threat Sharing tool helps you create a network between your employees. Using Threat Sharing, everyone can share their knowledge with other team members. This way, you can turn individual information into a strong protection.

Creating a system for reporting phishing attacks is an important step you can take, and you should make sure your employees understand that it is important to report them. Deleting suspicious emails is not a permanent solution and your IT team should know that your company is under threat. You should warn your employees to contact the IT team when they receive such an e-mail. In this way, the IT team can take the right action at the right time and generate feedback to improve the email filter. Check out our Incident Responder tool for reporting suspicious emails.

We also recommend regular phishing awareness training. Your employees should have access to immediate phishing awareness training if they encounter a phishing attack. When an employee clicks on the phishing link, they should receive feedback and training. Look back at the email with your employees, point out the red flags and signs they missed, and provide them with additional training materials to protect them from future phishing attacks. You can use our Awareness Educator for this. Our tool contains various training materials to support all your needs.

Keepnet is an anti phishing solution and cybersecurity awareness training platform