Both Ransomware and Phishing emails can be considered as complicated and difficult to counteract. However there a few simple methods of avoiding an attack. Below is a few suggestions that can help in this regard, however it is extremely important that all employees - in particular - are fully informed.
·Look at the sender’s email address
Users must pay attention to the sender's email address. Look for spacing between wording and if the employee is unsure about the address or whether an email request is legitimate, the user must either delete the mail or verify it by contacting the company directly. ·
Look at the email subject line
Does the subject line create a sense of urgency? These may be malicious and are designed to get an immediate response, is likely an indicator. ·
Look at the body of the email
Be cautious of misspellings and incorrect formatting. Does the email have the company’s contact information and/or logo graphics that the user is accustomed to seeing or if the user has had previous interaction with the company via e mail?
Look for URL links in the message
Embedded links may be redirection links with the intent to take a user to a malicious site - primarily used as a tactic by Middlemen - hackers who set up fake sites that look the same as the legitimate site .
By hovering the mouse over the link, it will provide information about where the link is redirecting. It’s better to type the URL into a browser than to trust the hyperlink. If unsure about the safety of the link, contact the sender and verify that they sent the link.
However, do not use the contact information in the email to verify (it could be fake).
Search via a reputable search facility for the contact information and contact that sender. Always use caution when clicking an external link.
Look at the email attachment
Is it common practice to receive attachments from the sender? Is the type of file recognizable?
Attachments should always be treated with extreme caution. If there is any uncertainty of the legitimacy of an attachment, do not open it, and delete the entire mail.
Don’t reveal too much information
Do not reveal personal or financial information in an email, and do not respond to email solicitations that ask for this type of information. In addition do not respond to emails that ask for company information which is not normally acceptable to share with clients.
When in doubt, throw it out
Links in emails, tweets, posts, and online advertisements are often how cybercriminals try to steal personal information. Even if the source is know to the user, if something looks suspicious, - delete.
Look for the HTTPS lock icon
Before sending sensitive information over the internet, check the security of the website. The HTTPS lock icon indicates the site is secure.
Pay attention to the website’s URL
Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (.com versus .NET, or .co versus .com, for example).
Check that Windows and antivirus is up to date
Check that your antivirus protection is active and up to date on all devices connected to the system. If the user is not sure, insist the user looks for assistance.
Never allow employees to access personal email on the Office computer or when connected to the the company network
The defenses may not be in place to stop a virus or malicious email from executing through those channels.