Rather than raise awareness, headlines like “85% of large companies have been hacked” often leave small and midsize businesses with the false impression that their size and anonymity will protect them from attack.

In fact, not only are small and midsize businesses just as susceptible to network security breaches, they are often less resilient when an attack occurs because of the high cost of downtime, lost reputation and an IT rebuild.

A simple phishing email can help a criminal gain access to email accounts and passwords, allowing them to penetrate your network security undetected. 4.2 billion email accounts can be purchased on the Dark Web, each usually costing 50 cents or less.

5 Telltale Warning Signs of a Phishing Email

Phishing attacks are particularly challenging because they circumvent your IT defenses by enticing employees to open a predatory email or click on a malicious link. As we mentioned, the key to safeguarding against phishing attacks is to promote awareness and educate your staff.

An easy and practical way to get started is to take these 5 warning signs and share them with your whole team:

1.     The style and formatting of the email

Phishing emails often arrive camouflaged in the style, formatting and branding of the individual or business that it claims to represent. That means you shouldn’t just read the contents but also observe the appearance of the email for any oddities or irregularities.

2.     Are the email and web address legitimate?

Another way phishing emails are disguised is by using an email address or web address that looks remarkably similar to the real thing. However, on second glance you will probably spot one or more important discrepancies. For example, “.net” extension when the company actually uses “.com.”

3.     Check for grammar like a 5th grade English teacher

We all manage to occasionally slip a typo past the spellcheckers, especially when we thumb-type the email on our phone while waiting in line at the bank or grocery store. So, while grammar errors are not a foolproof sign of a phishing attack, they are an important warning sign that you absolutely shouldn’t ignore.

4.     A so-called ‘emergency’

Phishing emails spin tales about why you need to take urgent action either to earn something or avoid negative consequences. Worry and urgency together are a toxic brew that directly attacks the judgment center of our brain. If an email persuades you to act right away, it’s probably best to handle the issue by phone.

5.     Beware of emails containing attachments

If an email has triggered your suspicion because of any one of the four previous warning signs, absolutely don’t open any attachment that comes with it. Otherwise, even if the email doesn’t appear suspicious for any reason, always practice the 10-second rule. That forces you to re-review the email for warning signs while you wait 10 seconds before opening the attachment.

If there is even a minuscule chance the email might be fraudulent, forward it to your IT team for their appraisal before you open it.

Dark Web Scanning is Critical for Businesses

Even when a business takes all the right security measures,  including adopting top-shelf network security and educating staff, it’s difficult to ensure that every one of its vendors, customers and suppliers exercise the same caution. That’s why routinely monitoring the Dark Web is an essential security measure.

As part of our GUARDIAN Managed Security Services and as a stand-alone cyber security service, Deerwood Technologies can provide active monitoring of the Dark Web 24/7/365 for any and all warning signs that credentials and data tied to your company have been leaked.

We scan:

  • Botnets
  • Illicit chat rooms
  • Peer-to-peer networks
  • Malicious websites and blogs
  • Bulletin boards
  • Black market sites
  • Both public and private forums

Scanning the Dark Web provides continued peace of mind and allows our team to act quickly on your behalf to prevent a costly breach. Click here to get an initial free scan of the Dark Web for your company domain. The scan will identify what information is already out on the Dark Web for your company.