Many phishing attempts can be thwarted simply by educating your employees. But even if you catch red flags in an email, such as typos or poor grammar, an urgent tone, or even a spoofed domain, how can you truly judge whether an email is safe?
An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email – a mismatched or fake URL.
Why is hovering important? What can it do for you?
Hovering not only gives you a moment to think before proceeding, it also lets you see where a link is going to redirect you. This is especially important because not all links lead where they appear, or claim, to go.
When you hover, check for the following to ensure you're staying safe and secure:
- If the email appears to be coming from a company, does the hover link match the website of the sender?
- Does the link have a misspelling of a well-known website (such as Micorsoft.com)?
- Does the link redirect to a suspicious external domain appearing to look like the sender’s domain (e.g. micorsoft-support.com rather than microsoft.com)?
- Does the hover link show a URL that does not match where the context of the email claims it will take you?
- Do you recognize the link’s address or did you even expect to receive the link?
- Did you receive a blank email with long hyperlinks and no further information or context?
If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay, but you're still not sure – verify! Ask your IT team or leadership if the email is legitimate before proceeding.
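For IT teams reviewing reported emails, the first few hover checks above (target domain versus sender, lookalike spelling, visible text versus real target) can be automated. The Python below is an added example, not part of the original article or of any KnowBe4 tooling; the function names, finding labels, the 0.8 similarity threshold and the sample email body are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a>: what you read vs. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def domain(url):
    """Registrable domain, approximated as the last two host labels (assumption:
    no multi-part suffixes such as co.uk; real tooling should use the Public Suffix List)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def check_link(text, href, sender_domain):
    findings, target, trusted = [], domain(href), domain(sender_domain)
    if target != trusted:
        findings.append("external-domain")
        brand = trusted.split(".")[0]
        tokens = target.split(".")[0].split("-")
        # A token equal or nearly equal to the sender's name in a different domain.
        if any(SequenceMatcher(None, t, brand).ratio() >= 0.8 for t in tokens):
            findings.append("lookalike-domain")
    # Visible text that is itself a URL must point at the same domain as the href.
    if "." in text and " " not in text and domain(text) != target:
        findings.append("text-target-mismatch")
    return findings

def review_email(html, sender_domain):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href, sender_domain) for text, href in parser.links}

# Constructed sample body; the lookalike domain is the one named in the checklist above.
SAMPLE_HTML = """<p>Your password expires today.</p>
<a href="https://micorsoft-support.com/reset">https://microsoft.com/reset</a>
<a href="https://www.microsoft.com/security">Security center</a>"""

if __name__ == "__main__":
    for href, findings in review_email(SAMPLE_HTML, "microsoft.com").items():
        print(href, findings or "no findings")
```

An empty findings list only means these three checks passed; the remaining checklist questions, such as whether the link was expected at all, still need a person.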
Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team and LMT Technology Solutions