Phishing Email Tests For Employees

The Importance of Phishing Email Tests for Employees

Phishing is a real threat to small and medium businesses, and if employees are not diligent about protecting the information that they can access, even the smallest mistake can cost your company everything. Phishing email tests are a great way to help you better understand your vulnerabilities, and they give you a great talking point during security meetings. Here’s what you should know. What is Phishing? Phishing is an online scam in which a criminal sends out emails pretending to be someone else and get their target to reveal sensitive  information such as credit card numbers,banking information, or passwords. One example would be a criminal trying to impersonate someone within your organization like a CEO, CFO, or manager. Another example would be a cyber criminal trying to impersonate a business outside your organization like Google, Netflix, PayPal, and others, in order to get your employee to provide sensitive information. The goal is to get your employees to act out of fear or curiosity and gain access to various types of data. This may include things like a username or password or even bank account information. For businesses, the ultimate goal may be your entire network, which can be devastating. Phishing is also not limited to emails. Cyber criminals may also employee other methods such as text messaging or phone calls. The Effects of Phishing on Businesses Per a 2017 report compiled by PhishMe, the average phishing attack on a mid-sized business cost that business a total of $1.6 million – a sum that can easily cause a company to go under. The same report found that employees are most susceptible to phishing attacks that target them as consumers rather than employees. The good news in the report is that phishing susceptibility rates are on the decline; 14.1% of organizations fell victim to phishing in 2015 compared to just 10.8% in 2017. Nevertheless, it is crucial that small and medium businesses remain vigilant in their security. The effects of phishing on businesses is not limited to monetary losses either. Other examples include loss of intellectual property, damages to a company’s reputation, loss of productivity, and loss of customers to name a few. Common Characteristics of Phishing Emails A Sense of Urgency – A favorite tactic amongst cyber-criminals is to try and get you to act quickly on their request. They create this sense of urgency so you don’t have time to think things through or see how this may be an abnormal request you wouldn’t normally get or respond to. Poor Spelling and Grammar – Another common sign of a phishing email is poor spelling and grammar. Many phishing emails try to impersonate large companies such as Google and Microsoft, but then have their phishing emails littered with common spelling mistakes, unusual phrases, and grammatical errors that could easily have been fixed with auto-correct. Suspicious Attachments – Be wary of attachments in emails you weren’t expecting or don’t make sense to you. They often contain payloads like ransomware or other viruses that will infect your computer and network. Try scanning for viruses before opening or reach out to the sender to verify if possible. Too Good To Be True – Special offers or attention-grabbing statements are designed to attract people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish prize. Remember that if it seems to good to be true, it probably is! Unusual Senders – If the sender is not recognized as someone you would normally communicate with or you did not initiate the conversation, be wary of clicking on anything or responding to the email. Phishing emails are unsolicited, and a common tactic is to inform the recipient they have won a prize or will benefit from a discount by clicking on a link or opening an attachment. Inconsistencies in Email Addresses, Links & Domain Names – Often cyber-criminals will try to make an email address look very similar to a legitimate address, but upon closer inspection, you will see it may be off by a character or two. An example would be (legitimate) versus (not legitimate). Links in emails can be hovered over to see the actual link address. If they don’t match, don’t click! What are Phishing Email Tests? Phishing email tests are mock attacks that helps you better understand everything from your company’s internal email security to your employees’ diligence in reporting phishing scams. It is a controlled environment in which an IT professional determines your employees’ awareness of cybersecurity by determining whether phishing emails can get through email security and, if so, whether your employees will respond to them. This way, you can make the changes you need to make – and properly train your employees – in anticipation of a real cyber-attack. What You Should Do with Your Phishing Email Test Results Ideally, your phishing email test should include everyone in your organization, including those at the highest levels. This way, you can better manage these employees’ awareness of cybersecurity and make the appropriate changes where necessary. Take the results of the test seriously, and use them to determine the best next step for your company, whether that involves implementing managed email security services or providing more training for people who performed poorly during the test by responding to phishing emails. The best way to prevent cyber-attacks like phishing emails is to prepare for them proactively through managed antivirus and anti-spam services that are constantly monitored and updated to prevent even the newest and most dangerous threats. Aside from this, regularly performing phishing email tests in the workplace will help you understand your susceptibility and ultimately create a safer network for your business. Phishing Email Tests Conclusion Every business should incorporate phishing tests as part of their cyber-security plan. Phishing tests help train employees, often the weakest link in any organization’s security, what to look out for and also help identify employees who may need additional training in security. If you’re ready to

The Importance of Phishing Email Tests for Employees Read More »

Computer Scareware

Dealing with Scareware and Malware

Scareware is a form of malware that generates browser pop-ups that resemble Windows or OS X system messages, claiming to be software such as antivirus, antispyware, registry cleaner, driver updater, etc. The system messages report fictitious problems such as infected files or missing driver updates intended to scare users into purchasing useless software or installing malicious software onto their devices. An example of a fictitious alert in the form of a browser pop up recommending known software from an unknown source such as Adobe Flash Player from shown below:   Scareware can also present itself as an intense series of browser pop ups and alarms that scare you into thinking your device is infected. The pop up or system alert may give you a number to call suggesting the alert is from the FBI or Microsoft. The intent is to get you to call and get your permission to login to your computer. STOP RIGHT HERE! If you encounter a suspicious system alert or pop-up, close your browser by clicking CTRL+ALT+DELETE (Windows) or COMMAND+OPTION+ESC (Mac), then end the process, or turn OFF your device. In the event that you have called the number from the scareware, your phone number may have been compromised. If you give the fake technical support permission to login to your device, your device and data have been compromised. After receiving access to your device, the agent is able to further install malicious software and viruses, change your system setting to prevent internet access, and steal your data or lock you out of your own system. The next step the fake technical support agent will take is to scare you into paying them to clean your computer or unlock your data. If you have been victimized by scareware, your device and data may have been compromised. Please contact Pennyrile Technologies at 931.771.1149. If you have given any financial information, we recommend contacting your financial institution to alert them.

Dealing with Scareware and Malware Read More »

Email Phishing

Is That Email a Phishing Scheme?

Research has revealed that over half of all users end up opening fraudulent emails and often even fall for them. Phishing is done with the aim of gathering personal information about you, generally related to your finances. The most common reason for the large number of people falling for fraudulent emails is that the phishing attempts are often so well-disguised that they escape the eyes of a busy email reader. Here are a few tips that help you identify whether that email really came from your bank or is another attempt at defrauding you… They are Asking for Personal Information Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s amiss. The Links Seem to be Fake Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that: Spelling – Check for the misspellings in the URL. For example, if your bank’s web address is, a phishing scheme email could misspell it as or Disguised URLs – Sometimes, URLs can be disguised…meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL upon a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser. URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL will take you to and not to any Bank of America page. Other Tell-Tale Signs Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include: Emails where the main message is in the form of an image, which, upon opening, takes you to the malicious URL. Another sign is an attachment. Never open attachments from unknown sources as they may contain viruses that can harm your computer and network. The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, threat of bank account closure if you don’t verify your ATM PIN or e-banking password. Finally, get a good anti virus/email protection program installed. It can help you by automatically directing spam and junk mail into spam folders and deactivating malicious attachments. See how our Managed Antivirus and Anti-Spam service can help you today!  

Is That Email a Phishing Scheme? Read More »